Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

任魁,王普,李亚芬

DOI: https://doi.org/10.3969/j.issn.1671-0428.2008.09.012

IF: 5.105

2008-01-01

Computers & Security

Abstract:In developing and application of information systems, there are some disadvantages in classic access control based-on role of the real application system. This paper shows a application based on the RBAC model and improves the classic model. Then we use this model in the management of resources. In realizing the whole access control, this paper analyzes and realizes the permission management and access control policy in two dimensions, functional permission dimension and resource permission dimension. Via this analyzing and designing, we separated the whole access control from the business process of systems, including the separation of functional permission and the separation of resource permission. It helps to improve the flexibility and expansibility of systems.

JeeHyun Hwang,Tao Xie,Donia El Kateb,Tejeddine Mouelhi,Yves Le Traon

DOI: https://doi.org/10.1145/2351676.2351719

2012-01-01

Abstract:As security requirements of software often change, developers may modify security policies such as access control policies (policies in short) according to evolving requirements. To increase confidence that the modification of policies is correct, developers conduct regression testing. However, rerunning all of existing system test cases could be costly and time-consuming. To address this issue, we develop a regression-test-selection approach, which selects every system test case that may reveal regression faults caused by policy changes. Our evaluation results show that our test-selection approach reduces a substantial number of system test cases efficiently.

LI Han,GUO He,WANG Yu-xin,LU Guo-ji,YANG Yuan-sheng

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.07.028

2011-01-01

Computer Science

Abstract:Access control whose objective is to ensure the security of accessing to resources in software systems is an essential part for software systems.As access control policies in legacy systems seldom based on roles are represented in various forms,an RBAC-based approach was proposed to integrate these access control policies.The approach maps permission of legacy systems to tasks of integrated system.Based on task trees and transformation rules of access control policy,various access control policies were reorganized in a unified form.Moreover,management rules were provi-ded to achieve further authorization.A case study is demonstrated to depict the proposed approach is a feasible solution to integrate legacy access control policies and introduce RBAC into legacy systems.

DING Hongda,ZENG Qingkai,BAO Bixian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.01.056

2007-01-01

Abstract:Test and validation of access control is a crucial part of the security evaluation of the system.A testing approach by extending GFAC is proposed,automatically to test the access control service according to requirements of security evaluation based on common criteria.The implementation of testing on Linux+RSBAC demonstrates the approach available.

Junbiao Wang,Jianxin Zhang,Jianjun Jiang,Shichao Zhang

DOI: https://doi.org/10.3969/j.issn.1000-2758.2008.04.005

2008-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Aim. Existing access control models are, in our opinion, not sufficiently effective. We now propose a novel access control model based on RBAC (Role-Based Access Control), which, we believe, is sufficiently effective. In the full paper, we explain our model in some detail. In this abstract, we just add some pertinent remarks to listing the two topics of explanation. The first topic is: the analysis of RBAC-based access control model. In the first topic, with the help of Fig.1 in the full paper, we explain in some detail how the FICS (Flexible Information Coding System) controls access. The second topic is: the implementation of our novel and effective RBAC-based access control model. Its three subtopics are: the concepts of traditional RBAC model that we utilize (subtopic 2.1), the restrictions we impose on accessing our novel and effective model (subtopic 2.2), and the access assignment strategy of FICS (subtopic 2.3). A large Chinese aircraft manufacturing enterprise has made use of our novel and effective RBAC-based access control model and has gradually widened and continues to widen the scope of its application. How the large enterprise utilizes our novel and effective model are briefly described in Fig.4 and Table 1 in the full paper.

Dancheng Li,Cheng Liu,Qiang Wei,Zhiliang Liu,BinSheng Liu

DOI: https://doi.org/10.1109/ICIECS.2010.5678213

2010-01-01

Abstract:SaaS (Software as a Service) deliver software as a service over the Internet, eliminating the need to install and run the application on the customers' own computers and simplifying maintenance and support. Access control is an important information security mechanism, according to user identity and the attribution of a predefined group of users to restrict access to certain information items, and limit the use of certain functions. In view of the features of multi-tenant, if we apply existing access control methods to SaaS systems directly, the following problems will appear: (1) role name conflicts (2) cross-level management (3) the isomerism of tenants' access control. This paper propose the S-RBAC model which can be applied to SaaS systems, this model extends from the RBAC model and ARBAC97 model, it uses layered structures to achieve system-level and tenant-level access control, solves the SaaS system access control problems. And we put forward a way to implement the access control module for SaaS systems based on S-RBAC model.

Tao Wang,Wei-hua Li,Zun Liu

DOI: https://doi.org/10.1109/MINES.2010.113

2010-01-01

Abstract:Role-Based Access Control (RBAC) is a mainstream access control method of software systems. After RBAC policies are formulated, there may be permission inconsistency between RBAC policies and practical execution paths. First, we defined the concept of RBAC permission consistency, and the concepts of execution path, Role Requirement array and Role Holding vector etc. On this basis, we proposed RBAC Permission Consistency Static Analysis Framework, proposed and proved permission consistency decision and Least Privilege principle decision theorems. This paper’s contributions include providing theoretical framework of RBAC permission consistency verification, and providing a methodology for decision of Least Privilege principle.

He Guo,Guoji Lu,Yuxin Wang,Han Li,Xin Chen

DOI: https://doi.org/10.1007/978-3-642-16515-3_25

2010-01-01

Abstract:Access control comprises different kinds of access control policies. This paper proposed an RBAC-based access control integration framework to achieve and manage various access control policies during legacy system integration. Permission is defined as tasks, and tasks are extracted and organized as tree structure for each system. Then, a global task tree and an integrated policy library are generated for the integrated system to reorganize access control policies of different legacy systems. Additionally rules for authorization management are given to carry out further authorization. A case study is demonstrated to depict the proposed framework is a feasible and flexible solution for access control integration.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

FU Li,DUAN Peng-song,HU Hai-bo

DOI: https://doi.org/10.3969/j.issn.1674-8425-b.2008.01.001

2008-01-01

Abstract:Aiming to solve the disadvantage of no audition function of access control strategies,this paper firstly compares three kinds of access control models(MAC,DAC,and RBAC),and analyses popular RBAC model.Secondly,it presents a new access control,Auditable Role-Based Access Control Model(RBAC-a),to improve the traditional RBAC.The feasibility and practicability of RBAC-a are also analyzed and the application of RBAC-a based on a business project is presented in this paper.Finally,the paper points out the possible direction of the access control from author's viewpoint.

Han Li,Hongji Yang,Feng Chen,He Guo,Yuansheng Yang

DOI: https://doi.org/10.1504/IJCAT.2011.045410

2011-01-01

International Journal of Computer Applications in Technology

Abstract:Role-Based Access Control (RBAC) is accepted as the most commonly used access control policy; however, it is mainly used during the development of new software systems. In this paper, an approach to reengineering RBAC into legacy systems by applying program transformation is proposed. Wide Spectrum Language (WSL) and MetaWSL are extended. Transformation rules, algorithm and operations for further authorisation management are defined to support access control reorganisation. A case study is demonstrated on a prototype tool FermaT-based Access Control Reorganisation (F-ACR). The result shows that it is a feasible and promising approach to enforcing RBAC in legacy systems.

JING Dong-sheng,YANG Ji-wen

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.02.071

2006-01-01

Abstract:The research work of RBAC(role-based access control) and TBAC(task-based access control) is greatly emphasized in recent years.This paper compares the characteristics and applicability spectrum of some recent models.To the deficiency of the existing model,in order to improve the security,compatibility and practicability of application systems,through combining the advantages of RBAC and TBAC model,a new-type model,T-RBAC(task-role based access control),is discussed.The configuration and characteristics of the model is described.The support of least privilege,separation of duties,data abstraction and roles hierarchies in the model is explained.An application of the model in computer supported cooperative system and the main goal of future research is presented.

吴江栋,李伟华,安喜锋

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.20.019

2008-01-01

Abstract:A method of finely granular access control based on RBAC is brought forward after the discussion of the access control model based on role.This paper proposes the idea about finely granular access control,decomposes the access privilege of sources to less granularity,and the privilege is assigned to role,then access control can be managed easily by defining the user of the role and the inherit of roles.The validity of method is proved by the successful system of finely granular access control based on RBAC.Design and implementation process of the method have referenced value to similar software's development.

Evan Martin,Tao Xie

2006-01-01

Abstract:To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (requests) to the PDP and subsequently checking test outputs (responses) against expected ones. Unfortunately, manual testing is tedious and few tools exist for automated testing of XACML policies.In this paper, we present our work toward a framework for systematic testing of access control policies. The framework includes components for policy coverage definition and measurement, request generation, request evaluation, request set minimization, policy property inference, and mutation testing. This framework allows us to evaluate various criteria for test generation and selection, investigate mutation operators, and determine a relationship between structural coverage and fault-detection capability. We have implemented the framework and applied it to various XACML policies. Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection.

Gang Liu,Runnan Zhang,Huimin Song,Can Wang,Jinhui Liu,Aijun Liu

DOI: https://doi.org/10.1016/j.cose.2016.03.006

IF: 5.105

2016-01-01

Computers & Security

Abstract:The traditional role-based access control (RBAC) model is typically static, i.e., permissions are granted based on a policy that seldom changes. A more flexible support for access control is needed in certain scenarios (such as disaster management). The break the glass RBAC (BTG-RBAC) model is an RBAC model with the break-glass technique, which enables the violation of a predetermined policy in exceptional situations. However, the BTG-RBAC model is unable to provide adequate flexibility in the system. This paper proposes a new independent mechanism, termed transformation, which can change the user assignment to achieve dynamic changes in user permissions. The system should alert users when their permission is changed. Thus, this study integrates transformation with the BTG-RBAC model to create a new model called the Ts-RBAC model. The Ts-RBAC model maintains the safety ensured by the BTG-RBAC model and improves the flexibility of the system.

Yan Dong,Yang Zhengqiu,Liu Chen

DOI: https://doi.org/10.1109/ifita.2009.134

2009-01-01

Abstract:The Modern Information management systems are built on basis of the Internet, the online system nearly includes all business of an enterprise, and almost every employee has to complete some certain operations in the system. Therefore, the security plays an important role in the running of an online information management system. Access control is a significant component of the security measures. We can see easily if an online system is mature and reliable through its Access control module. RBAC96[1] is a relatively mature access control mechanism. This paper is based on RBAC96 model prototype, and makes it improved with range restricted mechanism, which could make the whole access control become more secure, the control become more accurate.

CHEN Yi,GENG Guo-hua,LI Zhe

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.02.075

2006-01-01

Abstract:Access control is one of the fundamental modules for every multi-functional MIS.It can enhance the security of systems and protect background data.This paper presents a new approach for designing dynamic access control module based on RBAC model,and fully explains the design method and implements the database.In addition,extends and details the relationship between roles and roles,permissions and permissions in RBAC model,and further improves the flexibility and security.The implementation method has been successfully applied in HuangLing personnel MIS.