Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including phy...

This paper presents a pair of role-based access control models for workflow systems, collectively known as the W-RBAC models. The first of these models, W0-RBAC is based on a framework that couples a powerful RBAC-based permission service and a workflow component with clear separation of concerns for ease of administration of authorizations. The permission service is the focus of the work, prov...

Access control is a difficult security issue for enterprise organizations. Role-based access control (RBAC) model is well known and recognized as a good security model for enterprise environment. Though RBAC is a good model, administration of RBAC including building and maintaining access control information remains a difficult problem in large companies. RBAC model itself does not tell the sol...

The rapid growth of the Internet and a range of web applications bring the urgency of security issues, especially for access control. Role-based Access Control (RBAC) is recognized as a superior alternative and less error-prone to traditional discretionary and mandatory access controls. In this paper, we examine the representation of RBAC policies in web applications under distributed environme...

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management and ability to model organizational structure and their capability to reduce administrative expenses. In this paper, we highlight the drawbacks of RBAC models in terms of access control and authorization and later provide a more viable e...

This paper describes the testing the applicability of Role Based Access Control (RBAC) within an existing medical database in the Oncology Department at St. Bartholomew’s Hospital in London, United Kingdom (UK). We show how role hierarchies and RBAC rules are derived for this particular database, and observe the outcomes of our RBAC implementation. Our work is in line with the UK Government’s i...

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...

Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Although RBAC provides flexible mechanisms to control the access to information, it does not control how the information propagates after it is obtained. Formally analyzing information flows resulting from an RBAC policy helps administrators understand the policy and detect potential flaws in the polic...

2 Abstract Role-based access control (RBAC) is a promising alternative to traditional discretionary and mandatory access controls. In RBAC permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. In this paper we formally show that lattice-based mandatory access controls can be enforced by appropriate connguration of RBAC c...

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management and ability to model organizational structure and their capability to reduce administrative expenses. In this paper, we highlight the drawbacks of RBAC models in terms of access control and authorization and later provide a more viable e...