Expressing User Access Authorization Exceptions in Conventional Role-Based Access Control
نویسندگان
چکیده
In this paper we present a systematic categorization of the user access authorization exceptions which may occur in conventional role-based access control models. We propose a slightly revised NIST RBAC model which allows us to express all the authorization exceptions we consider. We give a formal definition of the model and show how it can be implemented in DATALOG with negation to give simple and efficient algorithm for computing authorization decisions. As an illustration, we present a simple case study from the domain of medical informatics and show how a range of different kinds of authorization exceptions that may arise in such a domain can be expressed in our approach.
منابع مشابه
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملConstrained Role-based Delegation
Delegation is a proIIlIsmg alternative to traditional role administration paradigms in role-based systems. It empowers users to exercise discretion in how they use resources as it is in discretionary access control (DAC). Unlike the anarchy of DAC, in role-based access control (RBAC) higher-level organizational policies can be specified on roles to regulate user's action. Delegations and revoca...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کامل