Conference Paper

Hybrid role hierarchy for the extended role based access control model.

DOI: 10.1109/LCN.2008.4664239
Conference: LCN 2008, The 33rd IEEE Conference on Local Computer Networks, The Conference on Leading Edge and Practical Computer Networking, Hyatt Regency Montreal, Montreal, Quebec, Canada, 14-17 October 2008, Proceedings
Source: DBLP


Role-based access control (RBAC) has emerged as a leading alternative to traditional access control models. However, traditional RBAC models cannot capture fine-grained authorization with mono-type inheritance. In this paper, we discuss hybrid inheritance based on our extended RBAC model, which is very desirable for capturing fine-grained access control permissions. When hybrid inheritances coexist in a role hierarchy, inferring the indirect relations between a pair of roles can become very complex. In particular, we study how the new inheritance relations between indirectly related roles can be easily derived through inference rules, which provides a basis for formally analyzing the hybrid inheritances.

  • ABSTRACT: Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ensure that only authorized users were given access to certain data or resources. One kind of access control that emerged is role-based access control (RBAC). A role is chiefly a semantic construct forming the basis of access control policy. With RBAC, system administrators create roles according to the job functions performed in a company or organization, grant permissions (access authorization) to those roles, and then assign users to the roles on the basis of their specific job responsibilities and qualifications. A role can represent specific task competency, such as that of a physician or a pharmacist. Or it can embody the authority and responsibility of, say, a project supervisor. Roles define both the specific individuals allowed to access resources and the extent to which resources are accessed. For example, an operator role might access all computer resources but not change access permissions; a security officer role might change permissions but have no access to resources; and an auditor role might access only audit trails. Roles are used for system administration in such network operating systems as Novell's NetWare and Microsoft's Windows NT. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models the authors have developed to better understand RBAC and categorize different implementations, and discusses the use of RBAC to manage itself. The authors' framework separates the administration of RBAC from its access control functions.
    Computer 03/1996; 29(2-29):38 - 47. DOI:10.1109/2.485845 · 1.44 Impact Factor
  • ABSTRACT: With the increasing number of users and applications, enterprises and organizations need to protect their important information effectively and administer their security policy easily. In this paper we analyze the existing access control models and propose an improved role-based access control model, together with its administration, drawing on practical experience, to handle the user-privilege assignment relation flexibly.
    Database and Expert Systems Applications, 2007. DEXA '07. 18th International Workshop on; 10/2007
  • ABSTRACT: We present the design and implementation of the WebDaemon Security Gateway (WDSG), using the techniques of event-driven processing, non-blocking I/O multiplexing, secure cookies, SSL and caches, based on a PKI framework and a role-based access control (RBAC) policy. It not only supports massive concurrency and avoids the pitfalls of traditional blocking-I/O-based design, but is also able to secure all the resources of an enterprise and reduce the cost and complexity of administration.
    Next Generation Information Technologies and Systems, 6th International Workshop, NGITS 2006, Kibbutz Shefayim, Israel, July 4-6, 2006, Proceedings; 01/2006