Access Control

Forum paper on access control

by Mark Rowe

Researchers of Nedap Security Management have taken another perspective on role based access control, which allows for easier management of identities and authorisations.

Their research paper “Sorting out role based access control” was awarded the Best Paper Award during the 2014 ACM Symposium on Access Control Models and Technologies (SACMAT), the premier forum for researchers in access control.

Managing identities and authorizations in any organization should be simple, regardless the size and scale of the organization. This improves compliance to the security policy, increases security, decreases human errors and saves time. However, we noticed that when organisations and companies grow, the management of identities and authorisations often becomes prohibitively complex as management in this case involves, for example, more areas, more people and more schedules, and therefore more permissions and more access-rules.

Wouter Kuijper and Victor Ermolaev, researchers of Nedap Security Management, have addressed this problem and demonstrated a solution to overcome complexity and enhance organisational scalability. They first identified a fragment of the popular framework for modelling access control rules, role based access control (RBAC) which allowed them to make a conceptual step in developing a new form of RBAC particularly well suited to physical access control. Their introduction of polarised, bi-sorted role based access control suggests to treat permissions via demarcations separately from subjects via proper roles, moreover it allows safe and understandable mixing of positive specification style (ie: saying who has access) and negative specification style (ie: saying who does not have access). In contrast, ‘classic’ role based access control does not distinguish proper roles from demarcations and it does not allow the negative specification style to be used. The researchers then propose a third dimension where the two administrative perspectives are linked up, which is access management itself, now recovered on a more manageable abstraction level, and much more suitable to the responsibilities of security officers working in large organisations.

The decoupling of the two administrative perspectives has several benefits for practitioners working within physical security and ultimately leads to more organisational scalability. Presented at the 2014 ACM Symposium on Access Control Models and Technologies (SACMAT) in London, Ontario the research was awarded the Best Paper Award. The SACMAT symposium is organised by the ACM Special Interest group in Security Audit and Control (SIGSAC).

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing