Sciweavers

ACSAC
2002
IEEE

A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard

14 years 5 months ago
A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard
In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A standard for Role-Based Access Control (RBAC) has recently been proposed by the United States National Institute of Standards and Technology (NIST). The second part of this paper discusses how the functionality of DENT/DSAS could be achieved by applying its principles of operation within the NIST model. In so doing we also evaluate the proposed standard by validating it against the requirements embodied in a successful access control system. We conclude with some observations about the design of DENT/DSAS and suggestions for changes in the proposed RBAC standard to accommodate some features of DE...
Andrew D. Marshall
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where ACSAC
Authors Andrew D. Marshall
Comments (0)