Bao Yi Wang,Wen Xue Zhang,Shao Min Zhang

DOI: https://doi.org/10.4028/www.scientific.net/amm.713-715.2532

2015-01-01

Applied Mechanics and Materials

Abstract:A combination of Task and Role-based Access Control with multi-constraint is put forward in this paper. It is designed to solve problem of access control management about collaborators in workflow system, whose difficulties lie in complex authorization and low users efficiency. It combines the tasks and roles, classifies tasks, simplifies permissions management, defines the mutually exclusive roles and binding tasks and formulates dynamic users allocation policies by establishing a users execution history table to improving the efficiency. Finally, a specific dynamic access control design is given for electric power enterprise equipment maintenance management workflow, the given example shows that the model and algorithm satisfies the principle of least permission and separation of duties and ensures the workflow system to execute tasks safely and efficiently.

JING Dong-sheng,YANG Ji-wen

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.02.071

2006-01-01

Abstract:The research work of RBAC(role-based access control) and TBAC(task-based access control) is greatly emphasized in recent years.This paper compares the characteristics and applicability spectrum of some recent models.To the deficiency of the existing model,in order to improve the security,compatibility and practicability of application systems,through combining the advantages of RBAC and TBAC model,a new-type model,T-RBAC(task-role based access control),is discussed.The configuration and characteristics of the model is described.The support of least privilege,separation of duties,data abstraction and roles hierarchies in the model is explained.An application of the model in computer supported cooperative system and the main goal of future research is presented.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

皮建勇,刘心松

DOI: https://doi.org/10.3969/j.issn.1009-3087.2005.01.027

2005-01-01

Abstract:In order to express the complicated and dynamic access control authorization relations in the real world,a novel model—TD-RBAC(Task-based Dynamic RBAC) was proposed.The concurrent transaction logic was described by the extended predicate task model and the dynamic constraint relations among the subtasks was found out by analyzing the concurrent executive net of subtasks.The dynamic role constraint relations based on the traditional RBAC was extended. The analysis of the performance evaluating showed that the TD-RBAC has favorable access control efficiency under the distributed parallel computing.

Deqing Zou,Ligang He,Hai Jin,Xueguang Chen

DOI: https://doi.org/10.1016/j.jnca.2008.02.015

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:Interactions between resources as well as services are one of the fundamental characteristics in the distributed multi-application environments. In such environments, attribute-based access control (ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates one or a few particular attribute constraints into RBAC, this paper analyses and abstracts the generic properties of the attribute constraints imposed on authorization systems. Based on these analyses and generalization, two constraints templates are presented, called authorization mapping constraint template and behaviour constraint template. The former template is able to automate the user-role and role-permission mapping, while the latter is used to restrict the behaviours of the authorization entities. The attribute constraints are classified into these two templates. Moreover, the state mechanism is introduced to build up the constraints among the statuses of the entities, and reflect the outcomes of the authorization control as well. Based on the presented templates and the state mechanism, the execution model is developed. A use case is proposed to show the authorization process of our proposed model. The extensive analyses are conducted to show its multi-grained constraints by comparing with other models.

Kai Ouyang,Hengqing Wang,Lijun Dong,Jingli Zhou

DOI: https://doi.org/10.13245/j.hust.2008.10.020

2008-01-01

Abstract:MD-RBAC (multi-dimensional role based access control) model was presented after GTRBAC (generalized temporal role based access control) model and the CT-RBAC (conditional temporal role based access control) models were analyzed, which is designed to have the capability to capture multi concurrent context parameters in RBAC. In MD-RBAC, the notions of the constraint dimension and the constraint space were introcuced: one type of constraints which represents one type security factor is one constraint dimension, and the constraint space is composed of all types of constraints. Based on the above notions, one reliable constraint framework is provided for the RBAC model, by which the RBAC model can be easily applicable for sophisticated environments and the flexibility and variety of the constraint control mechanism is improved. Furthermore, we enrich the predicate state semantics in MD-RBAC and analyze the conflict event and the conflict constraint for the multi-dimensional constraint semantics.

Yi Ren,Zhiting Xiao,Sipei Guo

DOI: https://doi.org/10.1109/isecs.2008.163

2008-01-01

Abstract:Role based access control (RBAC) has been widely adopted as a policy neutral access control model by many IT corporations. RBAC96, which is the most famous family of RBAC models, provides a common frame reference for related research and development. Many properties proposed in the family, e.g. limited inheritance, mutually exclusive roles, cardinality, and interaction, have been separately discussed in the previous work. In this paper, an extended RBAC model implementing those properties is proposed to provide an approach for implementing RBAC3. The extended RBAC model is based on deputy mechanism and is called deputy-based access control (DBAC). Since the private role hierarchy and constraint can be uniformly handled in DBAC, a flexible and powerful access control system can be implemented.

LI Hong-wei,WANG Xiao-ming

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.12.040

2006-01-01

Abstract:But most of the existing RBAC models are static,and the dynamic management for roles is required by morden software systems.With the notions,role environment function and role constraint rule used,a new model,extended role-based access control(ERBAC)is proposed,the dynamic characteristic of RBAC in special-time is extended,the new relationships among roles,the grant rules and formal descriptions are defined and discussed.Finally,a basic framework implementing ERBAC model is given.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

chen lin,yang fumin,hu guanrong

DOI: https://doi.org/10.3321/j.issn:1671-4512.2002.02.035

2002-01-01

Abstract:This thesis presents a multi hierarchy model RBMHAC for role based control based on the model of the role based access control (RBAC). The concept of "domain" is introduced in this model to simulate the hierarchy management system of the real world, realizing the multi hierarchy security management efficiently through the security management of the domain users. The RBMHAC model can provide a more complete access control stratagem and manage the roles more conveniently and efficiently.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

Zhao XiuFeng,Guo YuanBo

2007-01-01

Abstract:Introduce the concept of task and task instance into role-based access control model,build the role & task-based ac-cess control model,propose its formal definition.The security of the model is analyzed,the result show that role & task-based ac-cess control model supports two security principles such as least privilege and separation of duty,and has good dynamic adoption.

Xu Heng,Zhao Song-zheng,Zhang Xiao-di,Gao Na

DOI: https://doi.org/10.1109/wicom.2008.2923

2008-01-01

Abstract:A three-level access control model based on role, department and task is proposed in this paper. Task is one of the basic concepts in project management research area and department is one of the basic concepts in organizational structure theory. After introducing the concepts of task and department, this model regards them as independent authorization factor with role of the traditional RBAC96. This model could effectively reduce the amount of roles that should be assigned to the users of same position with different business scope and the other users of same business scope with different position. The practice has shown that this model could simplify the authorization management and improve the flexibility of access control.

WANG Hou-xiang,LI Hui

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.18.057

2006-01-01

Abstract:Complex access control requirement of distributed command and control system in a certain great application system is analyzed in detail.The advantage and shortage of RBAC and TBAC in practice are demonstrated.Then according to the collateral-task and the pipelining characters of the distributed command and control system,D_TRBAC model is built,and the implement of D_TRBAC is studied.

Chaoying He,Jun Chen,Jie Jiang,Gang Han

DOI: https://doi.org/10.1117/12.651143

2005-01-01

Abstract:Access control is an important and popular security mechanism for multi-user applications. GIS-based Computer Supported Cooperative Work (G-CSCW) application is one of such applications. This paper presents an improved Task-Role-Based Access Control (X-TRBAC) model for G-CSCW applications. The new model inherits the basic concepts of the old ones, such as role and task. Moreover, it has introduced two concepts, i.e. object hierarchy and operation hierarchy, and the corresponding rules to improve the efficiency of permission definition in access control models. The experiments show that the method can simplify the definition of permissions, and it is more applicable for G-CSCW applications.

Nuermaimaiti·Heilili,LUO Zhen-xing,LIN Zuo-quan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.08.007

2008-01-01

Abstract:Constraints are considered to be the principal motivation for Role-Based Access Control(RBAC).This paper analyzes XML based access control language XACML and points out some shortcomings of the XACML profile for RBAC.It provides role enablement authority to extend this profile,in this way,several kinds of constraints of RBAC such as separation of duty constraints and cardinality constraints can be enforced and implemented using XACML.

Jianwei Yin,Zhengqian Xu,Zhilin Feng,Gang Chen,Jinxiang Dong

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.01.023

2006-01-01

Abstract:Based on the rule of task, a novel task-based access control (TBAC) model was proposed to improve the permission administration and mechanism in the conventional TBAC model by the definitions of task-permission set alone. The permission constraints focus both on the task and permission, and some formal analyses and some constraints rules for permission set are presented. The proposed model was applied to the Aerospace Vehicle Collaborative Development Management system AVIDM. Experimental results show that the model could provide a more agile authorization and enhance the practicability of task model. Moreover, it simplifies the task complexity of permission administration. It is well suited to the access control in transaction management system and workflow system.

Fang Yin,Yuqing Sun,Peng Pan,Liang Feng

DOI: https://doi.org/10.1109/spca.2006.297480

2006-01-01

Abstract:With the development of pervasive computing technology, the workflow system has been widely applied in large enterprises for cooperation. The Task- Role Based Access Control model (T-RBAC) presented recently is regarded as an efficient access control model for workflow. But along with the increase of the number of users and roles, how to decrease the complexity of management has become an important issue. The intention of this paper is to introduce the notion of "Object-oriented inheritance" to support the role hierarchy in T-RBAC for efficient role management. A series of rules and algorithms is defined so as to verify and maintain constraint consistency. Moreover, an integrated architecture is presented to support the inheritance.

AN Xiao-ming,WANG Xiao-ming,WANG Qiao-ling

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.07.027

2010-01-01

Abstract:The highly development of information technology has brought new challenges to information security.Because of the lack of time and space constraints,traditional RBAC model cann't meet the new requirements of information system.On the basis of RBAC,the definition of spatio-temporal domain is introduced,each element of the model is constrained with time and space,and the spatio-temporal role based access control model(TSRBAC) is proposed.In this paper,TSRBAC is described formally,spatio-temporal role hierarchy and spatio-temporal separation of duty are defined.The spatio-temporal access control algorithm has also been given.

XIA Peng-wan,CHEN Rong-guo,SUN Jian

2007-01-01

Abstract:The traditional role based access control model (RBAC) can not avoid some security flaws, because the components and the constraints of the model are too simple. Based on the traditional RBAC, a enhanced RBAC model (ERBAC) was brought forward, which expanded the components and the constraints. Besides, this new model features the separated administrative permissions, complete constraints and better utility.