Trusted Administration of Large-Scale Cryptographic Role-Based Access Control Systems

On Optimal Employee Assignment in Constrained Role-Based Access Control Systems

ACM Transactions on Management Information Systems ◽

10.1145/2996470 ◽

2017 ◽

Vol 7 (4) ◽

pp. 1-24 ◽

Cited By ~ 4

Author(s):

Arindam Roy ◽

Shamik Sural ◽

Arun Kumar Majumdar ◽

Jaideep Vaidya ◽

Vijayalakshmi Atluri

Keyword(s):

Access Control ◽

Control Systems ◽

Role Based Access Control ◽

Role Based

Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems

Proceedings of the second ACM workshop on Role-based access control - RBAC '97 ◽

10.1145/266741.266749 ◽

1997 ◽

Cited By ~ 57

Author(s):

D. Richard Kuhn

Keyword(s):

Access Control ◽

Control Systems ◽

Mutual Exclusion ◽

Role Based Access Control ◽

Separation Of Duty ◽

Role Based

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Sensors ◽

10.3390/s19204455 ◽

2019 ◽

Vol 19 (20) ◽

pp. 4455 ◽

Cited By ~ 7

Author(s):

Figueroa-Lorenzo ◽

Añorga ◽

Arrizabalaga

Keyword(s):

Performance Analysis ◽

Access Control ◽

Control Systems ◽

Security Analysis ◽

Control Model ◽

Transport Layer ◽

Role Based Access Control ◽

Access Control Model ◽

Modbus Protocol ◽

Role Based

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

A feature-based approach for modeling role-based access control systems

Journal of Systems and Software ◽

10.1016/j.jss.2011.03.084 ◽

2011 ◽

Vol 84 (12) ◽

pp. 2035-2052 ◽

Cited By ~ 14

Author(s):

Sangsig Kim ◽

Dae-Kyoo Kim ◽

Lunjin Lu ◽

Suntae Kim ◽

Sooyong Park

Keyword(s):

Access Control ◽

Control Systems ◽

Role Based Access Control ◽

Feature Based ◽

Role Based

An Audit-Integrated ARBAC Model

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.263-266.1600 ◽

2012 ◽

Vol 263-266 ◽

pp. 1600-1604

Author(s):

Qiang Liu ◽

Jian Hua Zhang

Keyword(s):

Access Control ◽

Decision Process ◽

Large Scale ◽

Control Model ◽

Main Stream ◽

Role Based Access Control ◽

Access Control Model ◽

Distributed Application ◽

Role Based ◽

Set Up

Role-Based Access Control (RBAC) model is the main-stream access control model. When addressing large-scale and distributed application, the highest Security Administrator(SA) of RBAC model always try to transfer his management authority to his inferior SAs to decrease his workload. However, How to ensure that these inferior SAs perform their management authorities legally is a big problem. Although there are a technology framework of administrative RBAC model, named ARBAC97, the supervise mechanism and audit mechanism on the utilization of transferred authorities is incomplete in RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a right and liability mechanism has been set up, an audit role is defined and auditing permission is assigned to this role. At the same time, we put forwards two types basic audit business: routine audit and accident audit. As to accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The Au-ARBAC model can help to improve the Consciousness of authorization responsibility and to perform their management authorities responsibly and legally.

Meta-policies for distributed role-based access control systems

Proceedings Third International Workshop on Policies for Distributed Systems and Networks ◽

10.1109/policy.2002.1011298 ◽

2003 ◽

Cited By ~ 12

Author(s):

A. Belokosztolszki ◽

K. Moody

Keyword(s):

Access Control ◽

Control Systems ◽

Role Based Access Control ◽

Role Based

Secure administration of cryptographic role-based access control for large-scale cloud storage systems

Journal of Computer and System Sciences ◽

10.1016/j.jcss.2014.04.019 ◽

2014 ◽

Vol 80 (8) ◽

pp. 1518-1533 ◽

Cited By ~ 17

Author(s):

Lan Zhou ◽

Vijay Varadharajan ◽

Michael Hitchens

Keyword(s):

Access Control ◽

Cloud Storage ◽

Large Scale ◽

Storage Systems ◽

Role Based Access Control ◽

Role Based

On Formalizing and Normalizing Role-Based Access Control Systems

The Computer Journal ◽

10.1093/comjnl/bxn016 ◽

2008 ◽

Vol 52 (3) ◽

pp. 305-325 ◽

Cited By ~ 12

Author(s):

D. Power ◽

M. Slaymaker ◽

A. Simpson

Keyword(s):

Access Control ◽

Control Systems ◽

Role Based Access Control ◽

Role Based

Privacy and security of electronic patient records – Tailoring multimethodology to explore the socio-political problems associated with Role Based Access Control systems

European Journal of Operational Research ◽

10.1016/j.ejor.2017.07.041 ◽

2018 ◽

Vol 265 (1) ◽

pp. 344-360 ◽

Cited By ~ 6

Author(s):

Adrian Small ◽

David Wainwright

Keyword(s):

Access Control ◽

Control Systems ◽

Role Based Access Control ◽

Patient Records ◽

Electronic Patient Records ◽

Privacy And Security ◽

Role Based

Conformance Testing of Temporal Role-Based Access Control Systems

IEEE Transactions on Dependable and Secure Computing ◽

10.1109/tdsc.2008.41 ◽

2010 ◽

Vol 7 (2) ◽

pp. 144-158 ◽

Cited By ~ 24

Author(s):

Ammar Masood ◽

Arif Ghafoor ◽

Aditya Mathur

Keyword(s):

Access Control ◽

Control Systems ◽

Conformance Testing ◽

Role Based Access Control ◽

Role Based