Task-based Administrative RRAC And Its Prototype In Linux

RBAC has received considerable attention as a promising alternative to traditional discretionary and mandatory access control. The administration of RBAC is very important and must be carefully controlled to ensure the policy does not drift away from its original objectives. Decentralizing the details of RBAC administration without loosing central control over broad policy is a challenging goal for system designers. The RBAC self-administration simplifies the complexity of the access control mechanism realization while weakens its security.This dissertation focuses on the administrative workflow of RBAC and attempts to use task-based authorization for improving the administration of RBAC.It discusses most of the administrative functions based on three kinds of RBAC models formulized in NIST RBAC, and employe some of them for our prototype. Then the tasks and workflow for administrative RBAC are proposed. The administrative workflow is generalized in terms of the real administration steps to partially overcome above limitations of ARBAC. Finally we integrate the workflow into a simple administrative RBAC prototype using task-based authorization. This prototype models the Task-based Administrative RBAC (TARBAC) on the foundation of RBAC96. It just serves for the file secure in Linux, using the Linux Security Module (LSM) to enforce the administrative access control policy.