Role-Based Access Control (RBAC) has been increasingly popular due to its efficiency, flexibility, and scalability. Traditionally, RBAC is concerned with Separation of Duty (SoD) among roles and role hierarchies. However, there have been demands for extensions of RBAC as environments of RBAC systems have changed. As part of response to the demands, privacy RBAC and temporal RBAC have been propo...

This paper describes a uni ed model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a...

This paper describes a corrected and simplified specification of role-based access control (RBAC) based on the specification in the ANSI standard for RBAC. We give a complete specification of core RBAC, explaining the methodology we used in developing it; we then give a complete specification of hierarchical RBAC, with an additional option for managing the relationship on roles; and we also des...

We present a RBAC policy engineering approach that supports administrators to specify RBAC policies with the help of experts’ knowledge, which is documented using the pattern paradigm. These patterns are formalised in Web Ontology Language (OWL) that enables machine interpretation of experts’ knowledge and reasoning about the RBAC policy. Thus, administrators could specify RBAC policies by choo...

Data security in a mobile context is a critical issue. Over the last few years a new category of location-based services, the Enterprise LBS (ELBS), has emerged focusing on the demands of mobility in organisations. These applications pose challenging requirements, including the need of selective access to ELBS based on the position of mobile users and spatially bounded organisational roles. To ...

RBAC (Role-Based Access Control) is a widely used access control model, which reduces the maintenance cost of classical identitybased access control. However, despite the benefits of RBAC, there are environments in which RBAC can hardly be applied. We present FRBAC (Fuzzy Role-Based Access Control), a generalization of RBAC that fits the requirements of environments where authorization-related ...

In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience. In this paper we investigate one aspect of RBAC admini...

Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. [1], which formally defines the relations among user, role and permission using the notion of set membership. Constraints is an important aspect of RB...

In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience. In this paper we investigate one aspect of RBAC admini...

This paper addresses the complexity issues of extended-role based access control (E-RBAC) implemented under an embedded environment. Although E-RBAC can provide more trusted environment than the traditional trusted operating systems by prohibiting the attacks consisting of ordinary operations, it is expected that its implementation has performance overhead due to the procedural constraints of E...