By Topic

Challenges of “operationalizing” dynamic system access control: Transitioning from ABAC to RAdAC

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Bassam Farroha ; Department of Defense, Fort Meade, MD ; Deborah Farroha

While the DoD has a strong identity and credential management foundation, much work remains to achieve the DoD access control vision of providing dynamic access control with appropriate granularity. Ongoing access control investments are transitioning from administrators manually provisioning of user accounts to Attribute-Based Access Control (ABAC) capabilities. While this offers significant operational benefits over manual provisioning, ABAC capabilities must evolve. A limiting factor of the ABAC method is its reliance on the availability of authoritative attributes, and the need for access control policies that focus on specific access requests and still result in desired enterprise-wide operations. In today's DoD mission and business environments, there is a compelling need to provide authorized users, both anticipated and unanticipated, access to sensitive and classified enterprise information and the resources they need, when and where they need it, while preventing disclosure or exploitation by malicious insiders and other adversaries access to the same information. To meet this challenge, a DoD-wide Dynamic Access Management capability is needed by combining ABAC with risk management to achieve Risk Adaptive Access Control (RAdAC).

Published in:

Systems Conference (SysCon), 2012 IEEE International

Date of Conference:

19-22 March 2012