The Library
CRBAC: imposing multi-grained constraints on the RBAC model in the multi-application environment
Tools
Zou, Deqing, He, Ligang, Jin, Hai and Chen, Xueguang (2009) CRBAC: imposing multi-grained constraints on the RBAC model in the multi-application environment. In: IFIP International Workshop on Network and System Security, Dalian, People's Republic of China, September 18-19, 2007. Published in: Journal of Network and Computer Application, Vol.32 (No.2). pp. 402-411. doi:10.1016/j.jnca.2008.02.015 ISSN 1084-8045.
PDF
jnca.pdf - Draft Version Embargoed item. Restricted access to Repository staff only - Requires a PDF viewer. Download (254Kb) |
Official URL: http://dx.doi.org/10.1016/j.jnca.2008.02.015
Abstract
Interactions between resources as well as services are one of the fundamental characteristics in the distributed multi-application environments. In such environments, attribute-based access control (ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates one or a few particular attribute constraints into RBAC, this paper analyses and abstracts the generic properties of the attribute constraints imposed on authorization systems. Based on these analyses and generalization, two constraints templates are presented, called authorization mapping constraint template and behaviour constraint template. The former template is able to automate the user-role and role-permission mapping, while the latter is used to restrict the behaviours of the authorization entities. The attribute constraints are classified into these two templates. Moreover, the state mechanism is introduced to build up the constraints among the statuses of the entities, and reflect the outcomes of the authorization control as well. Based on the presented templates and the state mechanism, the execution model is developed. A use case is proposed to show the authorization process of our proposed model. The extensive analyses are conducted to show its multi-grained constraints by comparing with other models. (C) 2008 Elsevier Ltd. All rights reserved.
Item Type: | Conference Item (Paper) | ||||
---|---|---|---|---|---|
Subjects: | Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software | ||||
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science | ||||
Journal or Publication Title: | Journal of Network and Computer Application | ||||
Publisher: | Academic Press | ||||
ISSN: | 1084-8045 | ||||
Official Date: | March 2009 | ||||
Dates: |
|
||||
Volume: | Vol.32 | ||||
Number: | No.2 | ||||
Number of Pages: | 10 | ||||
Page Range: | pp. 402-411 | ||||
DOI: | 10.1016/j.jnca.2008.02.015 | ||||
Status: | Peer Reviewed | ||||
Publication Status: | Published | ||||
Access rights to Published version: | Restricted or Subscription Access | ||||
Conference Paper Type: | Paper | ||||
Title of Event: | IFIP International Workshop on Network and System Security | ||||
Type of Event: | Conference | ||||
Location of Event: | Dalian, People's Republic of China | ||||
Date(s) of Event: | September 18-19, 2007 |
Data sourced from Thomson Reuters' Web of Knowledge
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |