Access Control Design and Implementations in the ATLAS Experiment

Author

Leahu, Marius Constantin ; Dobson, Marc ; Avolio, Giuseppe

Author_Institution

CERN, Geneva

Volume

55

Issue

1

fYear

2008

Firstpage

386

Lastpage

391

Abstract

The ATLAS experiment operates with a significant number of hardware and software resources. Their protection against misuse is an essential task to ensure a safe and optimal operation. To achieve this goal, the Role Based Access Control (RBAC) model has been chosen for its scalability, flexibility, ease of administration and usability from the lowest operating system level to the highest software application level. This paper presents the overall design of RBAC implementation in the ATLAS experiment and the enforcement solutions in different areas such as the system administration, control room desktops and the data acquisition software. The users and the roles are centrally managed using a directory service based on Lightweight Directory Access Protocol which is kept in synchronization with the human resources and IT databases.

Keywords

authorisation; data acquisition; database management systems; high energy physics instrumentation computing; position sensitive particle detectors; ATLAS experiment; IT databases; RBAC model; control room desktops; data acquisition software; human resources; lightweight directory access protocol; role based access control model; system administration; Access control; Application software; Control systems; Data acquisition; Hardware; Human resource management; Operating systems; Protection; Scalability; Usability; Access control; databases; roles; security;

fLanguage

English

Journal_Title

Nuclear Science, IEEE Transactions on

Publisher

ieee

ISSN

0018-9499

Type

jour

DOI

10.1109/TNS.2007.912071

Filename

4448501