Resource and Role Hierarchy Based Access Control for Resourceful Systems

Role based access control (RBAC) has been used extensively in practice since it naturally captures the structure of the users in an organization. It is especially useful in multi-tenant cloud platforms. However, with the growing amount of data and growing number of devices, assigning permissions for these resources (such as data and devices) to roles becomes challenging. We develop a resource hierarchy based permission model and integrate it with RBAC to create the RRBAC (resource and role based access control) model, which simplifies permission assignment in RBAC. Realizing RRBAC, however, requires careful design to ensure efficient permission assignment, validation, and revocation. Instead of using policy based solutions, such as XACML, we design a resource tree based approach to achieve high performance for the various permission related operations. Preliminary experiments show that the RRBAC approach achieves more efficient permission assignment and validation.
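The abstract describes the idea of RRBAC (permissions attached to nodes of a resource tree, combined with a role hierarchy) but not its data structures. The following is an added illustration, not code from the paper or its authors: it assumes that a permission granted to a role on a tree node applies to every descendant resource, that a senior role inherits the permissions of its junior roles, and that only positive permissions exist (no deny rules). The role names, resource paths and users are constructed sample data.

```python
from collections import defaultdict


class RRBAC:
    """Illustrative resource-tree + role-hierarchy access control (assumed model)."""

    def __init__(self):
        self.role_juniors = defaultdict(set)  # role -> junior roles whose permissions it inherits
        self.user_roles = defaultdict(set)    # user -> directly assigned roles
        self.grants = defaultdict(set)        # resource path -> {(role, action)}

    def add_role(self, role, juniors=()):
        self.role_juniors[role].update(juniors)

    def assign_role(self, user, role):
        self.user_roles[user].add(role)

    def grant(self, role, resource, action):
        # Assignment is O(1): one entry at the subtree root, no per-resource rows.
        self.grants[resource].add((role, action))

    def revoke(self, role, resource, action):
        # Revocation removes the single entry; every descendant loses the
        # inherited permission at once, unless granted elsewhere on its path.
        self.grants[resource].discard((role, action))

    def effective_roles(self, user):
        # Walk the role hierarchy downward: a senior role dominates its juniors.
        seen, stack = set(), list(self.user_roles[user])
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            seen.add(role)
            stack.extend(self.role_juniors[role])
        return seen

    @staticmethod
    def ancestors(resource):
        # Yields the resource itself, then each ancestor up to the root ("").
        parts = resource.strip("/").split("/")
        for i in range(len(parts), 0, -1):
            yield "/".join(parts[:i])
        yield ""

    def check(self, user, resource, action):
        # Validation cost is bounded by tree depth x grants per node on the path,
        # rather than by the total number of policies in the system.
        roles = self.effective_roles(user)
        for node in self.ancestors(resource):
            for role, act in self.grants.get(node, ()):
                if act == action and role in roles:
                    return True
        return False


def build_demo():
    """Constructed sample tenant: roles, users and grants on a small resource tree."""
    ac = RRBAC()
    ac.add_role("viewer")
    ac.add_role("operator", juniors={"viewer"})
    ac.add_role("tenant_admin", juniors={"operator"})
    ac.assign_role("alice", "tenant_admin")
    ac.assign_role("bob", "viewer")
    ac.grant("viewer", "acme/devices", "read")       # whole devices subtree
    ac.grant("operator", "acme/devices", "write")
    ac.grant("tenant_admin", "acme", "delete")       # whole tenant subtree
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.check("bob", "acme/devices/sensor42", "read"))    # True, via tree
    print(ac.check("alice", "acme/devices/sensor42", "write"))  # True, via roles
    print(ac.check("bob", "acme/data/logs", "read"))            # False, other subtree
    ac.revoke("viewer", "acme/devices", "read")
    print(ac.check("bob", "acme/devices/sensor42", "read"))    # False after revoke
```

The check walks from the requested resource up to the root, so a grant placed high in the tree covers an arbitrary number of devices or data objects with one entry; revoking that entry takes effect for the whole subtree without touching individual resources. A production design would also need to guard against path normalisation issues (e.g. `..` segments or duplicate slashes) before lookup, which this sketch does not attempt.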
