Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

王新胜,熊书明,王新宇

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.36.028

2009-01-01

Computer Engineering and Applications Journal

Abstract:SARBAC/SARBAC-HH models are dominative in implementation of role hierarchy management by analyzing and comparing several typical role-based access control models.Some issues in role and permission assignment management existed in SARBAC/SARBAC-HH models.In view of these issues,an improved model named WARBAC,based on SARBAC/SARBAC-HH models,is put forward.In the model,the administrative policy of role-permission assignment is redefined and redesigned by resorting to the conception of the organization structure of the ARBAC02 model.Analysis results show that WARBAC is simple in role hierarchy management and is reasonable in complicated role-permission assignment management.

刘伟,刘嘉勇

DOI: https://doi.org/10.3969/j.issn.1672-2892.2009.01.019

2009-01-01

Abstract:As a way to defend information's confidentiality and integrity,access control takes a quite important role in military system and commercial system.Role-Based Access Control(RBAC) Model has been generally used in morden sofeware systems,and it has become one of the hotspots in the field of information.On the basis of RBAC,an Extended Role-Based Access Control(ERBAC) model is introduced against the imperfections of the famous RBAC model.Then the applying process of this model is illuminated.In the improved model,the concepts of role and permission are extended,which makes RBAC model be applied to systems freely and efficiently,and strengthens the security of access control.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

LIAO Er-chong,XU Xiao-fei,LIU Xu-dong,ZHAN De-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.18.054

2008-01-01

Abstract:The traditional RBAC model has two disadvantages,the permission-control is a little coarse and is not enough convenient for further software reuse.To resolve these problems,an extended RBAC model is put forward.The ranks of permission is refined and the process of permission-control with meta-data is described.The model can implement dynamic configuration of permission,and improve software reusability.The modelhas been applied to a software project in an enterprise,which proves that itis one correct and effective model.

HU Ying-song,CHEN Gang,ZHU A-ke,CHEN Zhong-xin

2006-01-01

Abstract:A new access control model based on roles and departments is proposed,which extends the traditional RBAC model. The new model abstracts the department from the property of roles,and becomes an important factor of permission control. Furthermore,this paper designs a three-layered architecture for this cross-platform security administration and one of the access control policies is described in detail.

YANG Liu,WEI Ren-yong,CHEN Chua-nbo

DOI: https://doi.org/10.3969/j.issn.1007-130x.2006.09.042

2006-01-01

Abstract:By analysing the Role-Based Access Control model and the characteristics of the modern enterprise management,the article presents an extended role-based access control model,which integrates the authorization of users and roles,and introduces its effective application and implementation in a large-scale system.

王德鑫,张茂军,王炜,熊志辉

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.06.008

2008-01-01

Abstract:Traditional role-based access control can not filter the functional entities, data operations and business data at one time, because it has only one set of roles. To resolve this problem, we extend it by importing the concept of role group and defining three role groups, i.e. functional role group, behavioral role group and data role group. Functional roles are used to filter the functional entities; behavioral roles are used to restrict the data operation activities; and data roles are used to filter the business data. We assign at least a functional role, a behavioral role and a data role to every user, so as to ensure only the authorized user can do the authorized data operation activities on the authorized data. Applications indicate that, the extended role based access control model possesses favorable expansibility, adaptability and flexibility, and it can be used as the access control model for complex information systems with a high demand of data security.

吴振兴,熊璋,方义

DOI: https://doi.org/10.3969/j.issn.1006-2475.2004.12.042

2004-01-01

Abstract:The different levels of RBAC model implementation and their characters are discussed.An implementation of RBAC model on the application level is also presented.This implementation makes use of the security character provided by the operating system to authenticate user in a high security way and introduces application server as agency between database and workstation.Based on active directory and DCOM,this implementation controlls database access reliably according to RBAC model and achieves high security.

Yi Ren,Zhiting Xiao,Sipei Guo

DOI: https://doi.org/10.1109/isecs.2008.163

2008-01-01

Abstract:Role based access control (RBAC) has been widely adopted as a policy neutral access control model by many IT corporations. RBAC96, which is the most famous family of RBAC models, provides a common frame reference for related research and development. Many properties proposed in the family, e.g. limited inheritance, mutually exclusive roles, cardinality, and interaction, have been separately discussed in the previous work. In this paper, an extended RBAC model implementing those properties is proposed to provide an approach for implementing RBAC3. The extended RBAC model is based on deputy mechanism and is called deputy-based access control (DBAC). Since the private role hierarchy and constraint can be uniformly handled in DBAC, a flexible and powerful access control system can be implemented.

吴江栋,李伟华,安喜锋

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.20.019

2008-01-01

Abstract:A method of finely granular access control based on RBAC is brought forward after the discussion of the access control model based on role.This paper proposes the idea about finely granular access control,decomposes the access privilege of sources to less granularity,and the privilege is assigned to role,then access control can be managed easily by defining the user of the role and the inherit of roles.The validity of method is proved by the successful system of finely granular access control based on RBAC.Design and implementation process of the method have referenced value to similar software's development.

LONG Jun,ZENG Xiao-sa,ZHANG Zu-ping

2010-01-01

Abstract:As the traditional role-based access control(RBAC) models have shortcomings when applied in lager-scale en-terprise applications,an improved RBAC model based on autonomy domain(AD -RBAC) is proposed.This model intro-duces‘autonomy domain’to describe the organization structure;divides groups into administrative group and common group,which enhances the expression capability of the group;adopts organization structure domain description model to construct group hierarchy and group types.All these contribute to the simple and intuitive realization of multi-level user authorization management.In the expert information service grid,AD -RBAC is used to achieve authorized service and da-ta access of grid nodes based on virtual domain,which proves the feasibility and effectiveness of this model.

LI Fan,ZHENG Wei-min

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.08.052

2005-01-01

Abstract:Access Control is an important technology in system security in which RBAC(Role-Based Access Control) is a well-known model.But RBAC is complicated in large application system.The problems existing in RBAC were analyzed and an organization and role based access control model ORBAC was proposed.The new model reduces the number of the role and the complexity of access con-trol management in application system by extending organization structure and its permissions to RBAC.

姚立红,李振东,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.11.027

2002-01-01

Computer Science

Abstract:The manner of permission management in Role-Based Access Control is similar to the actual one in application fields, and it greatly simplifies system management. How to define and manage hundreds of permissions, roles,users and relations among them ( all are called RBAC special framework in this article)in large systems is one key problem that models for RBAC must resolve. This article studies the management of RBAC special frameworks, takes the management relations among roles into frameworks, and puts forward Management-Enhanced Model for RBAC. Special frameworks created according to this model are very similar to the management structures in application fields, and can manage themselves. This model also supports dynamic maintenance of management formwork while it is working.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.