The 2014 SACMAT is the premier forum for researchers advancing the state of the art in access control
Nedap's research paper demonstrated a solution to overcome complexity and enhance organisational scalability

Researchers of Nedap Security Management have taken another perspective on role based access control, which allows for easier management of identities and authorisations and ultimately enhances organisational scalability. Their research paper “Sorting out role based access control” was awarded the Best Paper Award during the 2014 ACM Symposium on Access Control Models and Technologies (SACMAT), the premier forum for researchers advancing the state of the art in access control.

Managing identities and authorisations in any organisation should be simple, regardless of the size and scale of the organisation. This improves compliance with the security policy, increases security, decreases human errors and saves time. However, we noticed that when organisations and companies grow, the management of identities and authorisations often becomes prohibitively complex, as it then involves, for example, more areas, more people and more schedules, and therefore more permissions and more access rules.

Wouter Kuijper and Victor Ermolaev, both researchers of Nedap Security Management, have addressed this problem and demonstrated a solution to overcome complexity and enhance organisational scalability. They first identified a fragment of role based access control (RBAC), the popular framework for modelling access control rules, which allowed them to make an important conceptual step in developing a new form of RBAC particularly well suited to physical access control. Their introduction of polarised, bi-sorted role based access control suggests treating permissions, via demarcations, separately from subjects, via proper roles. Moreover, it allows safe and understandable mixing of positive specification style (i.e. saying who has access) and negative specification style (i.e. saying who does not have access).

In contrast, ‘classic’ role based access control does not distinguish proper roles from demarcations, and it does not allow the negative specification style to be used. The researchers then propose a third dimension in which the 2 administrative perspectives are linked up: access management itself, now recovered at a more manageable abstraction level and much more suitable to the responsibilities of security officers working in large organisations. The decoupling of the 2 administrative perspectives has several benefits for practitioners working within physical security and ultimately leads to more organisational scalability. Presented at the 2014 ACM Symposium on Access Control Models and Technologies (SACMAT) in London, Ontario, the research was awarded the Best Paper Award. The SACMAT symposium is organised by the ACM Special Interest Group in Security Audit and Control (SIGSAC). It is the premier forum for researchers advancing the state of the art in access control.
