A Formal Model for Parameterized Role-Based Access Control

Role-Based Access Control (RBAC) usually provides a higher-level view of authorization: access permissions are assigned to roles and roles, in turn, are allocated to subjects. The benefits of the RBAC model are well documented and include simplicity, consistency, scalability and ease of management. In practice, however, only limited versions of RBAC seem to have been implemented successfully, notably in applications such as databases and operating systems. The problem stems from the fact that most applications require finer-grained authorization than core RBAC models are able to provide. In theory, current RBAC models can be adapted to capture fine-grained authorizations by dramatically increasing the number of distinct roles in the model. However, this solution comes at the unacceptably high cost of allocating low-level privileges, which eliminates the major benefits gained from having a high-level RBAC model.
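The role explosion the abstract describes can be made concrete with a small model. The following Python sketch is an added illustration, not the paper's formal (Z) model: it contrasts core RBAC, where every per-project permission set needs its own named role, with a parameterized role whose permissions are stated over a project parameter. The viewer/editor scenario, project identifiers and user names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Permission = Tuple[str, str]  # (operation, object), e.g. ("read", "project-7")


@dataclass
class FlatRBAC:
    """Core RBAC: one named role per distinct set of concrete permissions."""
    role_perms: Dict[str, Set[Permission]] = field(default_factory=dict)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)

    def grant(self, role: str, perm: Permission) -> None:
        self.role_perms.setdefault(role, set()).add(perm)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user: str, op: str, obj: str) -> bool:
        return any((op, obj) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, set()))


@dataclass
class ParameterizedRBAC:
    """Role templates whose permissions are expressed over a parameter (a project id)."""
    templates: Dict[str, Set[str]] = field(default_factory=dict)  # role -> ops on the parameter
    user_roles: Dict[str, Set[Tuple[str, str]]] = field(default_factory=dict)  # user -> {(role, project)}

    def define(self, role: str, ops: Set[str]) -> None:
        self.templates[role] = set(ops)

    def assign(self, user: str, role: str, project: str) -> None:
        self.user_roles.setdefault(user, set()).add((role, project))

    def check(self, user: str, op: str, obj: str) -> bool:
        # The parameter binds the role instance to exactly one object.
        return any(obj == project and op in self.templates.get(role, set())
                   for role, project in self.user_roles.get(user, set()))


def role_count(n_projects: int) -> Tuple[int, int]:
    """Role definitions needed for per-project viewer/editor access under each model."""
    kinds = {"viewer": {"read"}, "editor": {"read", "write"}}
    flat, param = FlatRBAC(), ParameterizedRBAC()
    for kind, ops in kinds.items():
        param.define(kind, ops)                      # one template per kind
        for i in range(n_projects):                  # one flat role per kind *and* project
            for op in ops:
                flat.grant(f"{kind}-project-{i}", (op, f"project-{i}"))
    return len(flat.role_perms), len(param.templates)
```

`role_count(100)` returns `(200, 2)`: the flat model grows linearly with the number of projects while the parameterized model stays fixed, and a user assigned `("editor", "project-3")` passes `check` only for that project.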
