Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Chun-hua GU,Bao-liang XIAO

DOI: https://doi.org/10.3969/j.issn.1006-3080.2007.01.022

2007-01-01

Abstract:In order to overcome shortages of the processing method of RBAC96 model′s private permission,an improved model is put forward from a point of implementation view.The private permission in this model can be retained through public heredity mode and the public permission′s inheritance(hierarchy) can be controlled easily through role′s permission transformation.It solves the problem of complicated role cardinality caused from role heredity.

王新胜,熊书明,王新宇

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.36.028

2009-01-01

Computer Engineering and Applications Journal

Abstract:SARBAC/SARBAC-HH models are dominative in implementation of role hierarchy management by analyzing and comparing several typical role-based access control models.Some issues in role and permission assignment management existed in SARBAC/SARBAC-HH models.In view of these issues,an improved model named WARBAC,based on SARBAC/SARBAC-HH models,is put forward.In the model,the administrative policy of role-permission assignment is redefined and redesigned by resorting to the conception of the organization structure of the ARBAC02 model.Analysis results show that WARBAC is simple in role hierarchy management and is reasonable in complicated role-permission assignment management.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

姚立红,李振东,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.11.027

2002-01-01

Computer Science

Abstract:The manner of permission management in Role-Based Access Control is similar to the actual one in application fields, and it greatly simplifies system management. How to define and manage hundreds of permissions, roles,users and relations among them ( all are called RBAC special framework in this article)in large systems is one key problem that models for RBAC must resolve. This article studies the management of RBAC special frameworks, takes the management relations among roles into frameworks, and puts forward Management-Enhanced Model for RBAC. Special frameworks created according to this model are very similar to the management structures in application fields, and can manage themselves. This model also supports dynamic maintenance of management formwork while it is working.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

LIAO Er-chong,XU Xiao-fei,LIU Xu-dong,ZHAN De-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.18.054

2008-01-01

Abstract:The traditional RBAC model has two disadvantages,the permission-control is a little coarse and is not enough convenient for further software reuse.To resolve these problems,an extended RBAC model is put forward.The ranks of permission is refined and the process of permission-control with meta-data is described.The model can implement dynamic configuration of permission,and improve software reusability.The modelhas been applied to a software project in an enterprise,which proves that itis one correct and effective model.

Li Qi,Xu Mingwei,Zhang Xinwen

DOI: https://doi.org/10.1109/ICDCS.Workshops.2008.26

2008-01-01

Abstract:Role-based Access Control (RBAC) has been widely deployed in many distributed systems in recent years. However, in many large-scale enterprise environments, it is difficult to manage RBAC because of the huge number of users and roles, and complex interrelationships between them. Moreover, with the development of information and communication technologies, many temporal and ad hoc collaborations between groups and departments are emerging, which require dynamic user-role and permission-role assignments. In thesescenarios it is infeasible, if not impossible, for few security officers to administrate the assignment for various applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. As one of the main contributions, we also propose a decentralizedadministration model to address the management issues in traditional RBAC systems, Our model can be used for group-based applications with dynamic assignments where typically local (group-level) administrators take charge of the dynamic assignments. In this way, many administrativetasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-conceptsystem, we implemented a secure Spread prototype based on our proposed model to show the feasibility in the real applications.

Sejong Oh,Ravi Sandhu

DOI: https://doi.org/10.1145/507711.507737

2002-01-01

Abstract:Role-based access control (RBAC) is recognized as an excellent model for access control in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant shortcomings.We propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Zhang Xiantao,Li Qi,Qing Sihan,Zhang Huanguo,Zhang Liqiang

DOI: https://doi.org/10.1109/ISCIT.2007.4392214

2007-01-01

Abstract:Role-based Access Control (RBAC) become an important techniques to secure e-commerce systems during recent years. However, RBAC management issue is still an unresolved problem. Moreover, with the development of IT technologies in many departments, there emerge many group communications which require dynamic user-role assignments. In these scenarios it is infeasible for few security officers to administrate the assignment for local variant applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. We also present an administration model of our PBAC model to address the management issues in traditional RBAC systems. As one of the main contributions, this paper proposes a decentralized administration model by introducing a component of group assignment to implement a novel user authorization mechanism and a new user-role assignment (UA) approach which provides a two-level administration for user and role management through the concept of group. Our model can be applied for the current group communication applications with dynamic assignments where typically local administrators take charge of the dynamic assignments. In this way, many administrative tasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-concept we implemented a prototype in Xen virtualization environment based on our proposed model to secure real distributed applications.

QIU Jiong,MA Chen-hua,Yin Jian-wei,Dong Jin-xiang

DOI: https://doi.org/10.1109/CIT.2005.161

2005-01-01

Abstract:RBACAM, a role-based administrative model of RBAC, is proposed in this paper. It simplifies the description of role hierarchies with the definition of role identity code and role derivative information pair group. The concept of role administration domain and role enhanced administration domain is introduced to realize decentralized administration of RBAC. Each role has responsibility far role administration in its own administration domain and enhanced administration domain. A series of conflict checking rules to maintain consistency and the administration of authorization constraints are provided in the model. Administrative algorithms of role hierarchies, user-rote assignments, permission-role assignments and authorization constraints are also described- RBAC AM can be applied in the context of the RBAC96 model without introducing additional entities and relations. The main advantage of RBAC AM is its simplicity, completeness and practicability.

金琼琤,杨树堂,蒋兴浩,李建华

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.19.038

2004-01-01

Abstract:This paper analyzes the model of T-RBAC and studies about the enterprise privilege management method, suggests enterprise privilege management method which allows security administrator to manage access control information by GUI on the basis of T-RBAC. It can reduce the administrator's burden and avoid some potential safety hazards because adopted dynamic authorization.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

OUYANG Rong-bin,WANG Qian-yi,LI Li,LIU Yun-feng

DOI: https://doi.org/10.16411/j.cnki.issn1006-7736.2010.02.030

2010-01-01

Abstract:To decrease complexity and unsafety of configuring SQL rules for users in data permissions management,implementation policy for data permissions in role-based access control(RBAC) models was defined and data permissions model based on attribute rules was presented.This model was extended based on RBAC,and its rules for roles according to attributes were configured,which can implement data permissions management for both structural and non-structural data by JAVA reflection.

Jonathan K. Adams,Basheer N. Bristow

DOI: https://doi.org/10.48550/arXiv.cs/0603085

2006-03-22

Cryptography and Security

Abstract:Basic role based access control [RBAC] provides a mechanism for segregating access privileges based upon a user's hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or company, basic RBAC requires these hierarchies to be effectively merged. Specific roles that effectively represent both the user's organizations and roles must be translated to fit within the merged hierarchy to be used to control access. Essentially, users from multiple organizations are served from a single role base with roles designed to constrain their access as needed. Our work proposes, through parameterized roles and privileges, a means for accurately representing both users' roles within their respective hierarchies for providing access to controlled objects. Using this method will reduce the amount of complexity required in terms of the number of roles and privileges. The resulting set of roles, privileges, and objects will make modeling and visualizing the access role hierarchy significantly simplified. This paper will give some background on role based access control, parameterized roles and privileges, and then focus on how RBAC with parameterized roles and privileges can be leveraged as an access control solution for the problems presented by joint tenancy.

Zhenxing Luo,Jing Chen,Zuoquan Lin

DOI: https://doi.org/10.1109/lcn.2008.4664239

2008-01-01

Abstract:Role based access control (RBAC) has emerged as a leading access control model to other traditional access control models. However, the traditional RBAC models can not capture fine-grained authorization with mono-type inheritance. In this paper, we discuss the hybrid inheritance based on our extended RBAC model, which is very desirable for capturing the fine-grained access control permissions. When the hybrid inheritances coexist in a role hierarchy, inferring such indirect relations between a pair of roles can became very complex. In particular, we study how the new inheritance relations between roles that are indirectly related can be easily derived through the inference rules, which provides a basis for formally analyzing the hybrid inheritances.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.