论文信息 - Task-Constrained RBAC Model and Its Privilege Redundancy Analysis

Task-Constrained RBAC Model and Its Privilege Redundancy Analysis

RBAC supports the principle of least privilege by the appropriate combination of roles assigned to users. However, the minimum role set is hard to find. Role hierarchy and inheritance can result in aggregating lots of permissions. To solve this problem, a task-constrained RBAC model is proposed in this paper, which presents four task-constraint rules to restrict the permission inheritance and role activation. An approach to calculate the redundancy of permissions is represented also, which can be used to compare the different opinion on whether single role activation can get less privilege or multiple role activation can.

Li Ma | Min Wen | Yanjie Zhou

[1] Cai Jia-Yong,et al. implicit authorization analysis of role-based administrative model , 2009 .

[2] Vijayalakshmi Atluri,et al. Role-based Access Control , 1992 .

[3] Ravi S. Sandhu,et al. RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control" , 2007, IEEE Security & Privacy.

[4] Wouter Joosen,et al. Least privilege analysis in software architectures , 2011, Software & Systems Modeling.

[5] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[6] Cai Jia. Implicit Authorization Analysis of Role-Based Administrative Model , 2009 .

[7] Elisa Bertino,et al. A Critique of the ANSI Standard on Role-Based Access Control , 2007, IEEE Security & Privacy.

[8] Seog Park,et al. Task-role-based access control model , 2003, Inf. Syst..

[9] Hong Fan,et al. Task-Based Access Control Model , 2003 .

[10] Lijun Dong,et al. How to Find a Rigorous Set of Roles for Application of RBAC , 2012, J. Softw..

[11] Ravi Sandhu,et al. The ASCAA principles for next-generation role-based access control , 2008 .

[12] Deng Ji. Task-Based Access Control Model , 2003 .

[13] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.