IFIP Conference on E-Commerce, E-Business, E-Government

Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation


Abstract

Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved. Furthermore, to select the most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.