Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

许春根,严悍,刘凤玉

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.05.015

2003-01-01

Abstract:Access control is significant and intricate component in a large and complex multi-user distributed system. Role based Access Control (RBAC) has been a mainstream security mechanism and object technology has been an effective approach to deal with complexity presently. An object-oriented and formal access control model is imperative for developers to design security mechanism of systems and for users to.perform their duties securely and efficiently. However, existed access control models were mostly informal and non-Object-Oriented. Therefore, this paper proposes a formal and Object-Oriented model for RBAC in Unified Modeling Language (UML). The model is constructed simply and provides consistent and inferable constraint specifications for developers to design access control of large and complex systems.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Yan Chen,Chao Luo,Can Ying Huang,Shang Ping He

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.273

2012-01-01

Advanced Engineering Forum

Abstract:As a key access control mode that multiple characters application system is presently used , RBAC(Role-Based Access Control) can solve the problem of dynamic multi-users and multiple characters excellently, but when facing complicated resource types and business processes, it must be expanding on that basis. The article has put forward and realized a permissions model which can solve complicated resource system and business processes—resource model.

Yi Ren,Zhiting Xiao,Sipei Guo

DOI: https://doi.org/10.1109/isecs.2008.163

2008-01-01

Abstract:Role based access control (RBAC) has been widely adopted as a policy neutral access control model by many IT corporations. RBAC96, which is the most famous family of RBAC models, provides a common frame reference for related research and development. Many properties proposed in the family, e.g. limited inheritance, mutually exclusive roles, cardinality, and interaction, have been separately discussed in the previous work. In this paper, an extended RBAC model implementing those properties is proposed to provide an approach for implementing RBAC3. The extended RBAC model is based on deputy mechanism and is called deputy-based access control (DBAC). Since the private role hierarchy and constraint can be uniformly handled in DBAC, a flexible and powerful access control system can be implemented.

BAO Zhigang,HU Yanjun,GU Xinjian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.01.059

2006-01-01

Abstract:Firstly making reference to role based access control(RBAC)model,this paper proposes the basic idea about access control.Then it introduces database design of two realizing methods about access control and two methods’ realization in program,it also presents visual effect.Finally it analyzes and compares one to another in detail from two aspects of applicability and reusability.

Li MA,Shi-long MA,Yue-fei SUI,Sheng-wei YI

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.03.006

2010-01-01

Computer Science

Abstract:Role-Based Access Control (RBAC)controls the user's access to resources by indirectly using roles, which simplifies the security management greatly. Although the research of RBAC model is a mature area, the lack of formalization of RBAC results in uncertainty and confusion about the concepts and meaning of RBAC. Description Logic (DL) is a kind of object-based knowledge representation formalism, and also a decidable fragment of first-order predicate logic, with well-defined semantics and powerful representation capability. To give a formal description of RBAC, this paper took RBAC96 as a reference model and proposed a new formalized method to RBAC with description logic, called DL_(RBAC), which gives formal definitions to the concepts and relations of RBAC This paper also proved that the formal representation is faithful to RBAC model Based on the formalized model, we can further Study RBAC.

LI Fan,ZHENG Wei-min

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.08.052

2005-01-01

Abstract:Access Control is an important technology in system security in which RBAC(Role-Based Access Control) is a well-known model.But RBAC is complicated in large application system.The problems existing in RBAC were analyzed and an organization and role based access control model ORBAC was proposed.The new model reduces the number of the role and the complexity of access con-trol management in application system by extending organization structure and its permissions to RBAC.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ICNDS.2009.94

2009-01-01

Abstract:Access control is always essential for safe and security access to the system resource. Role based access control (RBAC) model is widely used in large enterprise software systems. The quality of the RBAC policy design especially role definition has great impact on the system security policy implementation. In this paper we propose a novel role engineering methods with security KAOS (SKAOS), which guide the engineering process via keeping decomposing the functional requirement objective and combining the system security requirement. SKAOS not only simplifies the system userpsilas involvement in the role engineering process via supplying with the objective decomposition but also reduces the complexity of the operation analysis. After building the objective decomposition and activity analysis diagrams, the role definition can be delivered. We illustrate the effectiveness of our method via analyzing a real world requirement problem.

Ding Xiaoming,Kuang Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.06.033

2011-01-01

Abstract:For the inadequacies of classic RBAC model such as the cumbersome operation in complex application systems and the difficulty to map organisation structures,we propose a constrained RBAC model supporting role bidirectional inheritance,BI-RBAC.The model extends the classic RBAC model,adds virtual role and its hierarchy to support the role bidirectional inheritance,and define the concept of resource operation.While giving the formal definition of the model,the access control algorithm is designed as well.The model has been applied to the self-developed large-scale Jtang Middleware platform,and can well support the Hundsun stock exchange system and other large application systems.

Li Ma,Shilong Ma,Jianghua Lv,Yuefei Sui

DOI: https://doi.org/10.1109/ICCIT.2009.29

2009-01-01

Abstract:Applications in the open and dynamic environment become more intelligent and complicated. To secure these applications is a big challenge. RBAC model, as a de facto standard in access control field, is widely used in many applications. But the lack of dynamic and formal method to describe RBAC makes the model can’t completely adapt to the open and dynamic environment. To solve this problem, we introduce a three level RBAC model which unifies the administrative components, the administrative actions and the regular RBAC components, and also proposes a dynamic description logic, called DDLRBAC, to formalize the three level model. Based on the formal description of RBAC with DDLRBAC, an executable action decision algorithm to guarantee the dynamic consistency of systems is also presented.

Q Li,JP Shi,SH Qing

DOI: https://doi.org/10.1109/icebe.2005.23

2005-01-01

Abstract:Role-based access control (RBAC) model has been widely deployed for Web security. In some large-enterprise-wide situations, however, this model is difficult to manage due to huge amount of users, roles and interrelationships. As a result, the applications of this model are greatly limited. To address this problem, we present in this paper a decentralized RBAC model (DRBAC) by proposing a new concept of groups and by introducing non-trivial modifications to the user-role assignment of the existing models

ZHANG LUQIAO,CHEN AIDONG,QIN ZHIGUANG

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.01.124

2007-01-01

Abstract:Since the proposal of RBAC96, a lot of RBAC model appeared. However, when applied to practical systems, they do not work effectively as they supposed to do. The results always come to an end that people returned to simple access control model using the concept of user- group. In this passage, several effective models are described, and then UARBAC model is proposed based on them. After that, a prototype of file access control system using UARBAC model is proposed.

LIAO Er-chong,XU Xiao-fei,LIU Xu-dong,ZHAN De-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.18.054

2008-01-01

Abstract:The traditional RBAC model has two disadvantages,the permission-control is a little coarse and is not enough convenient for further software reuse.To resolve these problems,an extended RBAC model is put forward.The ranks of permission is refined and the process of permission-control with meta-data is described.The model can implement dynamic configuration of permission,and improve software reusability.The modelhas been applied to a software project in an enterprise,which proves that itis one correct and effective model.

Deqing Zou,Jong Hyuk Park,Tai-hoon Kim,Xueguang Chen

DOI: https://doi.org/10.1109/fgcn.2007.152

2007-01-01

Abstract:It now becomes a trend to implement the interconnections between resources as well as services in ubiquitous systems. Attribute-based authorization mechanisms, protocols and systems are gaining in popularity, such as SAML, XACML, Shibboleth, etc. However, their management efficiency could be further improved. The Role-based Access Control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. However, RBAC is still not flexible enough to address various application scenarios in ubiquitous systems. We propose a new architecture for access control in ubiquitous systems that impose attribute and status constraints on the RBAC model, which can significantly enhance the generality and flexibility of authorization by integrating the advantages of RBAC and attributed- based access control models. Moreover, the state mechanism proposed in this architecture captures the states of the authorization elements so as to reflect the outcomes of the authorization control. Finally, we analyze the flexibility and generality of this architecture in ubiquitous systems.

Li Ma,Shilong Ma,Yuefei Sui

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.03.006

2010-01-01

Abstract:A new description logic-based representation for role-based accesss control(RBAC) model was proposed.RBAC sets and relations were translated as concepts and roles in the description logic respectively.To express RBAC role default inheritance and constraint conditions,symbols that represented role composition and inclusion were introduced to the basic description logic language,such that some RBAC default inheritance properties,such as role hierarchy(RH) transitivity,user-role assignment(UA) inheritance and permission-role assignment(PA) inheritance,and some RBAC constraints,such as static and dynamic separation of duty relations,can be represented formally.By integrating default inheritance with constraints in one formal system,the new inheritance relations that violate the access control strategy can be limited with the help of description logic reasoning mechanisms.