Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Huanchun Peng,Jun Gu,Xiaojun Ye

DOI: https://doi.org/10.1109/ispa.2008.80

2008-01-01

Abstract:This article presents a new approach for privacy preserving access control based on RBAC. The separation of authorization of access purpose from access decision improves the flexibility of private data control. A key feature of this approach is dynamic. The access purpose is determined in a dynamic manner, based on subject attributes, context attributes and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. Finally, we give the algorithm to achieve the compliance computation between the access purpose and intended purposes.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Zhiwen Zou,Changqian Chen,Shiguang Ju,Jiming Chen

DOI: https://doi.org/10.1007/978-3-642-12189-0_26

2010-01-01

Abstract:The Spatial Role-Based Access Control (SRBAC) model was discussed in this paper. Firstly, the formal definition of SRBAC Model was given; then the region coverage constraint of spatial object, duration constraint of spatial object, various spatial object separations of duty constraints and spatial object cardinality constraint of role activation were researched; after extending the traditional session, the strategy of eliminating the conflictive session was presented; Finally, the role hierarchy has been discussed under the spatial environment. Combined with practical application, the theory of secure DBMS was optimized and afforded to build the stricter system.

Yuan Tian,Biao Song,Eui-nam Huh

DOI: https://doi.org/10.1145/1821748.1821827

2009-01-01

Abstract:Privacy issue is receiving a great deal of attention since the need of privacy is increasing and new threats are emerging. The growing concern of users for their personal information has made it critical to implant effective technologies for privacy and data management. A common way for privacy preservation is restricting access to data like the classic Role-based Access Control (RBAC) Model. But the RBAC is limited as it does not provide users enough flexibilities and functionalities. In order to minimize the disclosure of data and support higher flexibilities for users to manage their privacy information, this paper provides a privacy data graph based on the traditional RBAC model to illustrate the linkage between data elements. Moreover, the notion of purpose is added to specify the intended usage of data and allow users to set personal privacy preferences through purpose. A case study in the healthcare domain is provided. As our model is generic, it can be also adapted to other fields. A detailed view of our proposed privacy system with experimental result is provided.

刘逸敏,王智慧,周皓峰,汪卫

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.03.004

2010-01-01

Abstract:With the release of the privacy data access guidelines by industries,such as HIPAA and OECD guidelines,the access control of privacy data has recently become a hot research topic in the area of privacy data management.The role-based access control mechanism and view-based access control mechanism in a relational database only support the controls for users'access permissions,but they don't solve the problems of privacyaware access control.The key elements for describing privacy data are the hierarchical structure of data purpose.Several purpose-based access control models presented currently have two shortcomings:The redundancy of privacy policies and the query results not maximized.This paper proposes a novel purpose-based relational database access control model R-PAACEE(privacy-aware access control enforcement engine),which can reduce the redundancy of privacy policies by constructing the concept hierarchy of privacy policies and describing them with ordered tuples.The paper also presents a query-rewritten algorithm for separating the private and non-private attributes,which can maximize the query results.The experimental results show that for a query related to privacy data,a database management system with R-PAACEE can achieve good query performance.

Rui Zhang,Fausto Giunchiglia,Bruno Crispo,Lingyang Song

DOI: https://doi.org/10.1007/s11277-009-9782-4

IF: 2.017

2009-01-01

Wireless Personal Communications

Abstract:Context-aware computing is an important aspect of the pervasive computing environment and its various dynamic context information brings new challenges to access control systems. In this paper a new access control model, relation based access control (RelBAC), is provided for context-aware environment with a domain specific Description Logic to formalize the model. The novelty of RelBAC is that permissions are formalized as binary relations between subjects and objects which could evolve with the dynamic contexts. The expressive power of RelBAC is illustrated in a case study of a project meeting event.

XIA Peng-wan,CHEN Rong-guo,SUN Jian

2007-01-01

Abstract:The traditional role based access control model (RBAC) can not avoid some security flaws, because the components and the constraints of the model are too simple. Based on the traditional RBAC, a enhanced RBAC model (ERBAC) was brought forward, which expanded the components and the constraints. Besides, this new model features the separated administrative permissions, complete constraints and better utility.

liangyu li,yuanning liu,xiaodong zhu,biao huang,youwei wang

DOI: https://doi.org/10.2991/meita-15.2015.185

2015-01-01

Abstract:The traditional Role-Based Access Control(RBAC) model([1]) is widely used in enterprises, but it's control granularity is too single and it's permissions configuration is too complex. This paper introduces the concepts of coarse-granularity and fine-granularity([2]), and puts forward a RBAC model that supports authorization with the combination of static and dynamic. In this paper, we first show the overall structure of the model, then divide the model into two parts of permissions configuration and permissions control to describe. In each part, we introduce the related basic elements and design the algorithms. Finally, this paper shows the application based on this model. And tests shows that the model is a good solution to these problems and has good feasibility and effectiveness.

Xiaobing Liu,Zhaoyang Bai

2008-01-01

Abstract:Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.

刘伟,刘嘉勇

DOI: https://doi.org/10.3969/j.issn.1672-2892.2009.01.019

2009-01-01

Abstract:As a way to defend information's confidentiality and integrity,access control takes a quite important role in military system and commercial system.Role-Based Access Control(RBAC) Model has been generally used in morden sofeware systems,and it has become one of the hotspots in the field of information.On the basis of RBAC,an Extended Role-Based Access Control(ERBAC) model is introduced against the imperfections of the famous RBAC model.Then the applying process of this model is illuminated.In the improved model,the concepts of role and permission are extended,which makes RBAC model be applied to systems freely and efficiently,and strengthens the security of access control.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

王刚,宋执环

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.044

2002-01-01

Abstract:In this paper, the construction of role-based access control is discussed. Aiming at the complexity of the subjects, combined with the particularity of actions and objects in document management, considering the restriction of subject and the state of object, some improvement is made in the original RBAC and a new team-role-based document access control which is named TRBDAC model is presented. ;

高涛,朱晓民,沈奇威

2011-01-01

Abstract:With the development of Internet,privacy has been acknowledged to be more and more important.So far,there exists such like P3P,EPAL,XACML models or frameworks to protect privacy.This paper describes a privacy protection model based on the familiar access control model RBAC.It supports to fulfill the demand for complex privacy strategies,such like the standards of Safe Harbor Frameworks.By the way,this paper also gives out an achievement of the model in a Content Management System.

Yi Ren,Zhiting Xiao,Sipei Guo

DOI: https://doi.org/10.1109/isecs.2008.163

2008-01-01

Abstract:Role based access control (RBAC) has been widely adopted as a policy neutral access control model by many IT corporations. RBAC96, which is the most famous family of RBAC models, provides a common frame reference for related research and development. Many properties proposed in the family, e.g. limited inheritance, mutually exclusive roles, cardinality, and interaction, have been separately discussed in the previous work. In this paper, an extended RBAC model implementing those properties is proposed to provide an approach for implementing RBAC3. The extended RBAC model is based on deputy mechanism and is called deputy-based access control (DBAC). Since the private role hierarchy and constraint can be uniformly handled in DBAC, a flexible and powerful access control system can be implemented.

Qu Shiyan,Jiang Xinghao,Sun Tanfeng,Zhou Xiaojun

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.03.021

2011-01-01

Abstract:Intelligent and opened Hospital Information System(HIS) makes the protection skill for personal health privacy records a concern.Unifying with special need of existing HIS in access control,this paper presents a model named HISPAC(HIS Privacy Access Control) based on current access control technology.This model introduces a notion of purpose management,which overcomes the imperfection of current access control technology and well solves the personalised privacy protection problem.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

姚全营,姚淑珍,黄河,谭火彬

DOI: https://doi.org/10.13700/j.bh.1001-5965.2011.07.010

2011-01-01

Abstract:Role based access control（RBAC） mainly depend on role given by the theme to achieve the protection of natural resources.In the control of the permissions,execution context,how the customs organize and manage were not taken into account.In order to adapt dynamic requirements of the application environment and to make the management of customs more convienent,RGBACC model was put forward.RGBACC model add ＂context-aware＂and ＂user group management＂ to RBAC model.The context information ralated security from application environment was obtained to dynamically change the user＇s permission.To the customs who have the same function,RGBACC model can manage them unifiedly,at the same time,it maintain the advantagement of traditional RBAC model.

Cheng-dong JU,Ming-hong LIAO

DOI: https://doi.org/10.3969/j.issn.1007-2683.2005.04.027

2005-01-01

Abstract:According to the shortcoming of the classic RBAC96 model and its relative ones,an improved hierarchy role-based access control model IHRBAC is presented.By using the concepts of role-permission inheritance limit and extreme limit in the relation of role-permission assignment,the role permissions are divided into private permissions and public ones,and the concepts of privatizing inheritance and publicizing inheritance are defined.In IHRBAC model,the multi-level management of role-permission assignment can be used under the control of security manager,which can overcome the limitations of central administration mode in most RBAC models,and flexibly describe the more complicated role relationships.

王德鑫,张茂军,王炜,熊志辉

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.06.008

2008-01-01

Abstract:Traditional role-based access control can not filter the functional entities, data operations and business data at one time, because it has only one set of roles. To resolve this problem, we extend it by importing the concept of role group and defining three role groups, i.e. functional role group, behavioral role group and data role group. Functional roles are used to filter the functional entities; behavioral roles are used to restrict the data operation activities; and data roles are used to filter the business data. We assign at least a functional role, a behavioral role and a data role to every user, so as to ensure only the authorized user can do the authorized data operation activities on the authorized data. Applications indicate that, the extended role based access control model possesses favorable expansibility, adaptability and flexibility, and it can be used as the access control model for complex information systems with a high demand of data security.