Role Hierarchies and Constraints for Lattice-Based Access
Authors
Abstract
Role-based access control (RBAC) is a promising alternative to traditional discretionary and mandatory access controls. In RBAC, permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles' permissions. In this paper we formally show that lattice-based mandatory access controls can be enforced by appropriate configuration of RBAC components. Our constructions demonstrate that role hierarchies and constraints are required to effectively achieve this result. We show that variations of the lattice-based *-property, such as write-up (liberal *-property) and no-write-up (strict *-property), can be easily accommodated in RBAC. Our results attest to the flexibility of RBAC and its ability to accommodate different policies by suitable configuration of role hierarchies and constraints.
Similar resources
Term Rewriting for Access Control
We demonstrate how access control models and policies can be represented by using term rewriting systems, and how rewriting may be used for evaluating access requests and for proving properties of an access control policy. We focus on two kinds of access control models: discretionary models, based on access control lists (ACLs), and role-based access control (RBAC) models. For RBAC models, we sh...
Temporal Hierarchy and Inheritance Semantics for GTRBAC
A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC’s language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. However, the presence of temporal constraints on role enablings and role activation...
Improving Scenario-Driven Role Engineering Process with Aspects
Role engineering for role-based access control (RBAC) is a process to define roles, permissions, constraints, and role hierarchies. The scenario-driven role engineering process provides a systematic way to elicit the RBAC components. However, the traceability between those components has not been well analyzed. As a result, it is both time-consuming and error-prone to modify the RBAC components...
IRBAC 2000: Secure Interoperability Using Dynamic Role Translation
The secure interaction between two or more administrative domains is a major concern. We examine the issues of secure interoperability between two security domains operating under the Role Based Access Control (RBAC) Model. We propose a model that quickly establishes a flexible policy for dynamic role translation. The role hierarchies of the local and foreign domains can be manipulated through ou...
Access Control for Hierarchical Joint-Tenancy
Basic role based access control [RBAC] provides a mechanism for segregating access privileges based upon users' hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or ...