Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

JING Dong-sheng,YANG Ji-wen

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.02.071

2006-01-01

Abstract:The research work of RBAC(role-based access control) and TBAC(task-based access control) is greatly emphasized in recent years.This paper compares the characteristics and applicability spectrum of some recent models.To the deficiency of the existing model,in order to improve the security,compatibility and practicability of application systems,through combining the advantages of RBAC and TBAC model,a new-type model,T-RBAC(task-role based access control),is discussed.The configuration and characteristics of the model is described.The support of least privilege,separation of duties,data abstraction and roles hierarchies in the model is explained.An application of the model in computer supported cooperative system and the main goal of future research is presented.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

LI Hong-wei,WANG Xiao-ming

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.12.040

2006-01-01

Abstract:But most of the existing RBAC models are static,and the dynamic management for roles is required by morden software systems.With the notions,role environment function and role constraint rule used,a new model,extended role-based access control(ERBAC)is proposed,the dynamic characteristic of RBAC in special-time is extended,the new relationships among roles,the grant rules and formal descriptions are defined and discussed.Finally,a basic framework implementing ERBAC model is given.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1007/978-3-642-02617-1_8

2009-01-01

Abstract:To provide a selective regression test method for the access control systems which employ role based access control (RBAC) policy. Access control regression test is always tedious and error-prone for financial systems involving complicated constraints, like separation of duty and cardinality constraints. We give the formal definition of RBAC policy change then we propose a test selection framework via policy change and change propagation analysis. Our method provides the confidence that it's only necessary to exercise the selected test cases to guarantee the access control of the system is not broken for the new release. We also describe SACRT, an access control regression test tool which realizes our framework. According to our practical application experience in the realistic financial systems, SACRT demonstrates the effectiveness in reducing the size of the access control regression test suite.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

CAI Guo-yong,LIN Yu-ming

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.03.072

2008-01-01

Computer Engineering and Applications Journal

Abstract:RBAC(Role Based Access Control) is a widely accepted model suitable for access control of organizational information system.However there is still a gap need to be filled whenever considering practical application of RBAC in development of trustable organizational system,especially in combination of organizational business collaborative model with RBAC.Based on RBAC model,elements of obligation and reward/sanction in business collaborative model are proposed to extend RBAC to a new model called RBAO(Role Based Access and Obligation).RBAO specifies not only the authorizations of roles in an organization,but also their obligations and associated sanctions or rewards in collaborative business.RBAO is more applicable in trustable business collaborative system development comparing with RBAC.The analysis and modeling process of using RBAO in trustable collaborative business system development is illustrated through a case study.

LENG Chun-xia,YU Hui-qun,HAN Jian-min

2009-01-01

Abstract:The access control mechanism in open systems can not only respond to the access requirement of a large amount of users whose identities are not recognizable in advance, but also reflect context information in user's access requirements. We propose a trustworthiness- and context-based access control model (TC-RBAC) and give a method of evaluating the trustworthiness of users. By means of trustworthiness, the applicable roles are assigned to the users whose identities are not recognizable in advance. Besides, context constraint contributes to the decisions of authorization according to context information in user's access requirements. These satisfy the design demands of the access control mechanism in open systems.

Hui Qi,Xiong Luo,Xiaoqiang Di,Jinqing Li,Huamin Yang,Zhengang Jiang

DOI: https://doi.org/10.1109/cyberc.2016.21

2016-01-01

Abstract:Combining the role-based access control ( RBAC) model with the attribute-based access control ( ABAC) model is a popular direction of current research on access control models. At present, many RABAC ( RBAC + ABAC) models have been proposed. On the basis of RBAC model, these models dynamically apply ABAC rules to user-role mapping, role-permission mapping and user-permission mapping, thus realizing the usability and flexibility of access control models to some extent. But these models still have some insufficiencies in access control granularity and flexibility. This paper analyzes the defects of existing RABAC models and their causes, proposes a more fine-grained, flexible and efficient RABAC model, and realizes an access control system based on this model. Through the well-designed ABAC rules and their application modes, the system has achieved the goal of the RABAC model proposed by this paper and facilitated the administrator's management of access control rules.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

liangyu li,yuanning liu,xiaodong zhu,biao huang,youwei wang

DOI: https://doi.org/10.2991/meita-15.2015.185

2015-01-01

Abstract:The traditional Role-Based Access Control(RBAC) model([1]) is widely used in enterprises, but it's control granularity is too single and it's permissions configuration is too complex. This paper introduces the concepts of coarse-granularity and fine-granularity([2]), and puts forward a RBAC model that supports authorization with the combination of static and dynamic. In this paper, we first show the overall structure of the model, then divide the model into two parts of permissions configuration and permissions control to describe. In each part, we introduce the related basic elements and design the algorithms. Finally, this paper shows the application based on this model. And tests shows that the model is a good solution to these problems and has good feasibility and effectiveness.

Zhang Xiantao,Li Qi,Qing Sihan,Zhang Huanguo,Zhang Liqiang

DOI: https://doi.org/10.1109/ISCIT.2007.4392214

2007-01-01

Abstract:Role-based Access Control (RBAC) become an important techniques to secure e-commerce systems during recent years. However, RBAC management issue is still an unresolved problem. Moreover, with the development of IT technologies in many departments, there emerge many group communications which require dynamic user-role assignments. In these scenarios it is infeasible for few security officers to administrate the assignment for local variant applications. In this paper, we propose a novel RBAC model for decentralized and distributed systems. We also present an administration model of our PBAC model to address the management issues in traditional RBAC systems. As one of the main contributions, this paper proposes a decentralized administration model by introducing a component of group assignment to implement a novel user authorization mechanism and a new user-role assignment (UA) approach which provides a two-level administration for user and role management through the concept of group. Our model can be applied for the current group communication applications with dynamic assignments where typically local administrators take charge of the dynamic assignments. In this way, many administrative tasks for different applications can spread over many different local administrators, and a fine-grained administration model of RBAC based on the local administration policies is realized. As a proof-of-concept we implemented a prototype in Xen virtualization environment based on our proposed model to secure real distributed applications.

LIU Zhi,ZOU Zhi-ling

DOI: https://doi.org/10.3969/j.issn.1672-6693.2009.03.016

2009-01-01

Abstract:After the development of so many years,RBAC has cumulated abundant and mature theory basis and is widely used in access control in information system.In this paper,the access control thinking and principle of RBAC model are illustrated first.It consructs network security control model by abstracting five basic data objects which are user,role,object,operation and permission respectively in building the relationship among them.Then the disadvantages of RBAC in processing time-constraint access control are analysed.Secondly,we retrospect the studying status quo of temporal RBAC model and analyse the existing problem of TRBAC during authorizing in temporal system.It constraints the permission only in role level and does not consider fully the details during authorizing and role assignmeng.Finally a model named GTRBAC and its thinking are prospected.GTRBAC is a well defined access control model in temporal environment by now.It not only considers persistent constraints,circular contraints and other particular activate contraints on the basis of RBAC,but also proposes the methods solving conflicts amongs contraints.

XIA Qi-shou,FAN Xun-li,YIN Xiao-ling

2008-01-01

JOURNAL OF NORTHWEST UNIVERSITY(NATURAL SCIENCE EDITION)

Abstract:Aim In order to make the RBAC model have the ability of time perception,the RBAC(Role Based Access Control) model is expanded.Methods Based on the main models of Role-Base Access Control,a time role-based access control model was presented,which is called TRBAC model.TBRAC model does not only expand time field about the original authorizing restraint,but also comment its delegation and rules of taking back delegation in detail.Results The TBRAC model makes the system much more secure and effective.Meanwhile it can reduce complexity of mass network application and cost of safety management.Conclusion The TBRAC model greatly weakens the difficulty of administrator's extent of right,so it can create a great deal of economic and technological benefit in safety management of internet.

皮建勇,刘心松

DOI: https://doi.org/10.3969/j.issn.1009-3087.2005.01.027

2005-01-01

Abstract:In order to express the complicated and dynamic access control authorization relations in the real world,a novel model—TD-RBAC(Task-based Dynamic RBAC) was proposed.The concurrent transaction logic was described by the extended predicate task model and the dynamic constraint relations among the subtasks was found out by analyzing the concurrent executive net of subtasks.The dynamic role constraint relations based on the traditional RBAC was extended. The analysis of the performance evaluating showed that the TD-RBAC has favorable access control efficiency under the distributed parallel computing.

Yongzhong He,Zhan Han,Ying Cai

DOI: https://doi.org/10.1109/IIHMSP.2010.55

2010-01-01

Abstract:Role based access control (RBAC) model is widely used in information system for efficient management of complex access control policy. Various extensions to the basic RBAC model are proposed for different purpose. A novel extension to the basic RBAC is presented in this paper. The model proposed in this paper is characteristic of 1) flexible and fine grained access control on objects such as tuples and attributes in DBMS, 2) providing administrative separation of duty at operation level by associating one operation to several privileges, 3) providing administrative separation of duty at task level by requiring a set of prerequisite roles before role is assigned to user. Furthermore, an efficient access decision algorithm for DRBAC is presented.

AN Xiao-ming,WANG Xiao-ming,WANG Qiao-ling

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.07.027

2010-01-01

Abstract:The highly development of information technology has brought new challenges to information security.Because of the lack of time and space constraints,traditional RBAC model cann't meet the new requirements of information system.On the basis of RBAC,the definition of spatio-temporal domain is introduced,each element of the model is constrained with time and space,and the spatio-temporal role based access control model(TSRBAC) is proposed.In this paper,TSRBAC is described formally,spatio-temporal role hierarchy and spatio-temporal separation of duty are defined.The spatio-temporal access control algorithm has also been given.

FU Xiang-ping,WU Zhen-qiang,YANG Bei

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.02.095

2011-01-01

Abstract:For the problems including the ambiguity of user role assignment,the unitary of user authorization certification decision-making,and the conflicts between role number and management etc in the traditional RBAC,the paper presented an improved RBAC model named TA-RBAC that combined attribute and trust-degree.The model made the authentication for the traditional model perfected by adding to the credibility authentication of user and their platforms,ensured that authorized process of the system was more reliable.Meanwhile,it extended authorization mechanism of traditional model using the concept of trust-degree and attributes.It implemented user dynamic role assignment through the corresponding user authentication credibility assigned.By introducing attribute into assign permissions,it realized object activation operation,effectively reduced the number of roles and implemented more fine-grained authorization.Finally,the paper gave the authorized process of the model and the application examples in digital home.

Qi Li,Xinwen Zhang,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1016/j.cose.2008.12.004

IF: 5.105

2009-01-01

Computers & Security

Abstract:Role-Based Access Control (RBAC) has become a popular technique for security purposes with increasing accessibility of information and data, especially in large-scale enterprise environments. However, authorization management in dynamic and ad-hoc collaborations between different groups or domains in these environments is still an unresolved problem. Traditional RBAC models cannot solve this problem because they cannot support security policy composition from different groups, and lack efficient administrative models for dynamic collaborations. In this paper, we propose a group-based RBAC model (GB-RBAC) for secure collaborations which is based on RBAC96 and extended with group concept to capture dynamic users and permissions. We propose a decentralized security administrative model for GB-RBAC to address the management issues of RBAC in collaborations. As a unique property, our model supports two levels of authorization management: global or system level management by system administrators and local or group level management by group administrators. In this way, our model implements the principles of management autonomy and separation of duty (SoD) in security administrations. We apply our model for authorization management in collaborations by introducing the concept of virtual group. A virtual group is built for a collaboration between multi-groups, where all members build trust relation within the group and are authorized to join and perform operations for the collaborative work. Compared with existing work, our model supports dynamic and ad-hoc collaborations in large-scale systems with the properties of controllable, decentralized, and fine-grained security management.