Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

杨洋,丁仁杰,闵勇

DOI: https://doi.org/10.3321/j.issn:1000-1026.2003.07.008

2003-01-01

Abstract:According to the characteristics of the information system in power enterprises, an in-depth analysis is made of the discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). Some drawbacks of the three models under certain circumstances are discussed. To meet the need of massive and frequently changing data in the information system of power enterprises, a new access control model, the object-based access control (OBAC) model, is proposed. This model can be easily represented and is more extensible. Also, a practical design of the OBAC model is given.

Minghui Jing,Hongming Cai,Fenglin Bu

DOI: https://doi.org/10.1109/apscc.2011.63

2011-01-01

Abstract:RBAC as a kind of permission access control technologies supports enterprise information security effectively. However, in many cases, traditional RBAC can only establish a permission access control mechanism based on discrete group-role or user-role management inside an organization. And the user group whose organization structure is more complicated is not supported by RBAC. It is also lack of the adaptability of dynamic changes to the complex organization structure. To solve these problems, a permission model called Flexible Organization Structure-Based Access Control (FOSBAC) is proposed, which combines the flexible organization structure with the access control to achieve the dynamic management of permissions. First, the general framework and the formal description of FOSBAC are given. Then, the application template using the XACML specification is constructed and an analysis on a case of accessing financial statements is used to demonstrate the feasibility of the application. Finally, it is shown that FOSBAC possesses better adaptability to complex organization structure and higher management efficiency in comparison with RBAC and ROBAC.

Junhao Geng,Sumei Zhang

DOI: https://doi.org/10.1109/cis.2009.260

2009-01-01

Abstract:To meet the requirements that full business model of complex information system needs simplified, precise and consistent access control method, analyzing meta-model of full business model, granularities of access control elements, Full Business Model Oriented Access Control (FBMOAC) model is proposed and built, and an algorithm of permission consistency control is presented based on the formal description. Through building access subject granularities, access object granularities, permission assignment control granularities and the dependency, contradiction, delegation, nesting relationships between granularities, FBMOAC supports simplifying the authorization process, controlling access objects precisely and implementing the consistency control of permissions.

王新胜,熊书明,王新宇

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.36.028

2009-01-01

Computer Engineering and Applications Journal

Abstract:SARBAC/SARBAC-HH models are dominative in implementation of role hierarchy management by analyzing and comparing several typical role-based access control models.Some issues in role and permission assignment management existed in SARBAC/SARBAC-HH models.In view of these issues,an improved model named WARBAC,based on SARBAC/SARBAC-HH models,is put forward.In the model,the administrative policy of role-permission assignment is redefined and redesigned by resorting to the conception of the organization structure of the ARBAC02 model.Analysis results show that WARBAC is simple in role hierarchy management and is reasonable in complicated role-permission assignment management.

LI Fan,ZHENG Wei-min

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.08.052

2005-01-01

Abstract:Access Control is an important technology in system security in which RBAC(Role-Based Access Control) is a well-known model.But RBAC is complicated in large application system.The problems existing in RBAC were analyzed and an organization and role based access control model ORBAC was proposed.The new model reduces the number of the role and the complexity of access con-trol management in application system by extending organization structure and its permissions to RBAC.

Gang Liu,Lu Fang,Quan Wang,Xiaoqian Qi,Juan Cui,Jiayu Liu

DOI: https://doi.org/10.1007/978-3-030-15093-8_4

2018-01-01

Abstract:In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.

ZHANG Jian-jun,ZHANG Qun,ZHANG Li

DOI: https://doi.org/10.3969/j.issn.1003-5060.2006.07.028

2006-01-01

Abstract:How to build an effective access control is very important to the security and reliability of the enterprise information management system(EIMS).In this paper,a kind of flexible object-oriented access control(FOOAC) model is presented based on the analysis of requirements of real access control and access control models of related information management systems,especially the role-based access control model.An access controller based on the FOOAC model is given to demonstrate the application of the model.

Sejong Oh,Ravi Sandhu

DOI: https://doi.org/10.1145/507711.507737

2002-01-01

Abstract:Role-based access control (RBAC) is recognized as an excellent model for access control in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant shortcomings.We propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.

Zhu Yiqun,Li Jianhua,Zhang Quanhai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.11.054

2008-01-01

Abstract:In accordance with the increasing customers and the various resource access policies in service-oriented environments,the limi- tation of the related research is anallyzed,and a multi-policy services-oriented attribute-based role-based access control(AB-RBAC) model is proposed.Based on the relationship between the resource attribute and the user attribute in multi-policies,different role groups are defined,and relevant rules are made.User-rde assignment is realized based on a finite set of rules,and the requirement of multiple access policies is satis- fied.The flexibility of access control is enhanced,and the efficiency of the system is improved.A case that uses the AB-RBAC model is de- scribed,and a detailed comparison among several models is made,which clearly shows the advantages of AB-RBAC.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

Jue Wang,Li Zhou,Chengxiang Tan

DOI: https://doi.org/10.1109/WCSE.2009.709

2009-01-01

Abstract:A model based on Bell-LaPadula model is proposed for access control in hierarchical organizations which have hierarchical units. These units include departments, staff and a new concept named post. In the model proposed by this paper, relationships among units in organization are built, and security tags can be assigned to subjects and objects simply. The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree, the more secret objects can be exchanged by the staff of the departments. The access control matrices of the department, post and staff are defined. By using the three access control matrices, a multi granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control. Finally, the study shows that the proposed model is more flexible.

ZHANG LUQIAO,CHEN AIDONG,QIN ZHIGUANG

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.01.124

2007-01-01

Abstract:Since the proposal of RBAC96, a lot of RBAC model appeared. However, when applied to practical systems, they do not work effectively as they supposed to do. The results always come to an end that people returned to simple access control model using the concept of user- group. In this passage, several effective models are described, and then UARBAC model is proposed based on them. After that, a prototype of file access control system using UARBAC model is proposed.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Zhang Xiantao,Li Qi,Qing Sihan,Zhang Huanguo,Zhang Liqiang

DOI: https://doi.org/10.1109/ISCIT.2007.4392214

2007-01-01

Abstract:Role-based Access Control (RBAC) become an important techniques to secure e-commerce systems during recent years. However, RBAC management issue is still an unresolved problem. Moreover, with the development of IT technologies in many departments, there emerge many group communications which require dynamic user-role assignments. In these scenarios it is infeasible for few security officers to administrate the assignment for local variant applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. We also present an administration model of our PBAC model to address the management issues in traditional RBAC systems. As one of the main contributions, this paper proposes a decentralized administration model by introducing a component of group assignment to implement a novel user authorization mechanism and a new user-role assignment (UA) approach which provides a two-level administration for user and role management through the concept of group. Our model can be applied for the current group communication applications with dynamic assignments where typically local administrators take charge of the dynamic assignments. In this way, many administrative tasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-concept we implemented a prototype in Xen virtualization environment based on our proposed model to secure real distributed applications.

许春根,严悍,刘凤玉

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.05.015

2003-01-01

Abstract:Access control is significant and intricate component in a large and complex multi-user distributed system. Role based Access Control (RBAC) has been a mainstream security mechanism and object technology has been an effective approach to deal with complexity presently. An object-oriented and formal access control model is imperative for developers to design security mechanism of systems and for users to.perform their duties securely and efficiently. However, existed access control models were mostly informal and non-Object-Oriented. Therefore, this paper proposes a formal and Object-Oriented model for RBAC in Unified Modeling Language (UML). The model is constructed simply and provides consistent and inferable constraint specifications for developers to design access control of large and complex systems.

HU Ying-song,CHEN Gang,ZHU A-ke,CHEN Zhong-xin

2006-01-01

Abstract:A new access control model based on roles and departments is proposed,which extends the traditional RBAC model. The new model abstracts the department from the property of roles,and becomes an important factor of permission control. Furthermore,this paper designs a three-layered architecture for this cross-platform security administration and one of the access control policies is described in detail.

刘伟,刘嘉勇

DOI: https://doi.org/10.3969/j.issn.1672-2892.2009.01.019

2009-01-01

Abstract:As a way to defend information's confidentiality and integrity,access control takes a quite important role in military system and commercial system.Role-Based Access Control(RBAC) Model has been generally used in morden sofeware systems,and it has become one of the hotspots in the field of information.On the basis of RBAC,an Extended Role-Based Access Control(ERBAC) model is introduced against the imperfections of the famous RBAC model.Then the applying process of this model is illuminated.In the improved model,the concepts of role and permission are extended,which makes RBAC model be applied to systems freely and efficiently,and strengthens the security of access control.

Fei Hongxiao,Chen Jiong,Deng Xiaohong,Chen Zhigang

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.06.008

2012-01-01

Abstract:Traditional access control model does not need to consider other subjects when establishing and implementing strategy due to the singularity of its subject.So,when the resource users and owners are of two subjects,it can not reflect the security requirement of both.Taking the Regional Healthcare Information Sharing System as the application background,and aiming at the defect that the traditional access control model is still a coarse-grained management when the owners and the users of the resource in system are in separation,we construct a resource owners-oriented access control model based on RBAC,O-RBAC(Owners-Based Access Control),it introduces the concepts of object class,role domain and so on,enables both the owners and users of the resource can jointly manage the permission of resource effectively,so that achieves the management of fine-grained on resource in condition of the separation between the ownership and the usufruct.

Xu Guangwei,Yin Jianwei,CHEN Gang,Dong Jinxiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.09.026

2005-01-01

Abstract:Current RBAC models have gained general recognition, but the realization of traditional RBAC is divorced from the organizational structure of enterprises, and the tight coincidence of authentication modules and applications causes troubles to maintenance and realization of the system. A principal-based authentication , authorization model and algorithm are introduced and they are based on the realized RBAC models, as well as a J2EE-based realization is presented.