Extending the CIM-SPL Policy Language with RBAC for Distributed Management Systems in the WBEM Infrastructure

In spite of the large effort behind the development of the WBEM and CIM standards for the management of distributed systems, there has been very little work addressing security in those standards. In this paper we present a Role-based Access Control (RBAC) policy language to render fine-grained access control policies for WBEM and CIM. The language is an extension of CIM-SPL, a preliminary DMTF policy language standard. The CIM-SPL RBAC extension fully complies with the WBEM standards. Access control policies can be specified for CIM object constructs according to the standard NIST RBAC model as well as with an extended model adapted for CIM. An implementation framework for the CIM-SPL RBAC in the OpenPegasus WBEM infrastructure is also presented to demonstrate its usability. Some design choices and implementation issues are discussed in detail. This framework provides an end-to-end solution to deploy a policy-based RBAC mechanism in the WBEM infrastructure.

By: Li Pan; Jorge Lobo; Seraphin Calo

Published in: RC24875 in 2009

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).
