An access control reference architecture

Abstract

System administrators typically have unrestricted access to all files and programs on a system, with no enforced principle of least privilege. Additionally, this unrestricted access causes challenges for audit as many different users might have superuser access and the audit trail may not distinguish between the actual users, recording instead all access as being by "superuser". These two issues result in further concerns regarding compliance for those organizations subject to government regulations (such as Sarbanes-Oxley in the United States). In this paper we present a reference architecture for an access control mechanism that addresses this issue by focusing specifically on the control and audit of system administrators. This reference architecture has been implemented and widely deployed. We describe some of its capabilities through a case study.