Flexible authorisation in dynamic e-business environments using an organisation structure-based access control model

In dynamic e-business and e-manufacturing environments, enterprises require a secure access control mechanism, based on an access control model, to manage employee authorisations flexibly. This study presents an organisation structure-based access control (OSAC) model built on the task-role-based access control (T-RBAC) model. The OSAC model emphasises that employee authorisations are generated directly from their position in the enterprise organisational structure. The proposed model extends the concepts of static separation of duty (SSD), dynamic separation of duty (DSD), prerequisite, and cardinality constraints in the role-based access control (RBAC) model to department and role relations; these relations identify the cooperative interactions among roles across department boundaries, facilitate resource sharing among roles, and simplify enterprise resource management. The various relations and applied examples are demonstrated using the class model of the unified modelling language (UML). Examples of inappropriate use of relations that lead to relation violations are also presented. To demonstrate the feasibility of the proposed model for most businesses, a case study involving an automobile component producer is presented and an OSAC model-based administrative management system is developed to ensure that appropriate resources can be legally used by the correct employees at the right time. By applying the proposed model, administrators can easily manage resources from an organisational-structure perspective, and the resource-sharing capabilities of all departments can be improved.
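The abstract names four RBAC constraint types (SSD, DSD, prerequisite, cardinality) and a cross-department sharing relation, but the page does not give the OSAC model's own definitions. The following is an added Python illustration, not the paper's model or the case-study system: a small policy engine in which roles belong to departments, the static constraints are checked when a role is assigned, the dynamic constraint is checked when roles are activated in a session, and a permission crosses a department boundary only through an explicitly declared cooperation relation. All role, department and permission names are constructed for the example.

```python
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when an assignment or a session activation would break a constraint."""


@dataclass
class Role:
    name: str
    department: str      # the department that owns the role and its resources
    permissions: set


@dataclass
class OrgPolicy:
    roles: dict = field(default_factory=dict)         # role name -> Role
    assignments: dict = field(default_factory=dict)   # user -> set of role names
    ssd: set = field(default_factory=set)             # frozenset pairs never co-assigned
    dsd: set = field(default_factory=set)             # frozenset pairs never co-active
    prerequisite: dict = field(default_factory=dict)  # role -> role that must already be held
    cardinality: dict = field(default_factory=dict)   # role -> maximum number of holders
    cooperation: set = field(default_factory=set)     # (role, other department) sharing relations

    def add_role(self, name, department, permissions):
        self.roles[name] = Role(name, department, set(permissions))

    def holders(self, role):
        return {u for u, rs in self.assignments.items() if role in rs}

    def assign(self, user, role):
        """Static constraints (SSD, prerequisite, cardinality) are checked at assignment time."""
        if role not in self.roles:
            raise PolicyViolation(f"unknown role {role}")
        held = self.assignments.get(user, set())
        for other in held:
            if frozenset({role, other}) in self.ssd:
                raise PolicyViolation(f"SSD: {user} may not hold both {role} and {other}")
        needed = self.prerequisite.get(role)
        if needed is not None and needed not in held:
            raise PolicyViolation(f"prerequisite: {role} requires {needed}")
        limit = self.cardinality.get(role)
        if limit is not None and len(self.holders(role)) >= limit:
            raise PolicyViolation(f"cardinality: {role} already has {limit} holder(s)")
        self.assignments.setdefault(user, set()).add(role)

    def activate(self, user, roles):
        """The dynamic constraint (DSD) is checked on the roles activated together in a session."""
        roles = set(roles)
        missing = roles - self.assignments.get(user, set())
        if missing:
            raise PolicyViolation(f"{user} is not assigned {sorted(missing)}")
        for r1 in roles:
            for r2 in roles:
                if r1 < r2 and frozenset({r1, r2}) in self.dsd:
                    raise PolicyViolation(f"DSD: {r1} and {r2} cannot be active together")
        return roles

    def allowed(self, active_roles, permission, resource_department):
        """A permission applies to resources of the role's own department; across a department
        boundary it applies only where a cooperation relation has been declared."""
        for name in active_roles:
            role = self.roles[name]
            if permission in role.permissions and (
                role.department == resource_department
                or (name, resource_department) in self.cooperation
            ):
                return True
        return False


def violation(fn, *args):
    """Return the violation message raised by fn(*args), or None if it succeeded."""
    try:
        fn(*args)
    except PolicyViolation as exc:
        return str(exc)
    return None


def build_sample_policy():
    """Constructed sample organisation; hypothetical, not the paper's case study."""
    p = OrgPolicy()
    p.add_role("proc_staff", "procurement", {"read_catalogue"})
    p.add_role("purchaser", "procurement", {"create_order"})
    p.add_role("approver", "procurement", {"approve_order"})
    p.add_role("auditor", "finance", {"read_orders"})
    p.add_role("line_supervisor", "production", {"request_parts", "read_inventory"})
    p.add_role("warehouse_clerk", "warehouse", {"read_inventory", "issue_parts"})
    p.ssd.add(frozenset({"purchaser", "approver"}))   # nobody both creates and approves orders
    p.dsd.add(frozenset({"approver", "auditor"}))     # may hold both, never active together
    p.prerequisite["approver"] = "proc_staff"         # approvers must first be procurement staff
    p.cardinality["approver"] = 2                     # at most two approvers in the organisation
    # production supervisors may read the warehouse's inventory across the department boundary
    p.cooperation.add(("line_supervisor", "warehouse"))
    return p


if __name__ == "__main__":
    p = build_sample_policy()
    p.assign("alice", "proc_staff")
    p.assign("alice", "approver")
    print(violation(p.assign, "alice", "purchaser"))                      # SSD violation
    print(violation(p.assign, "bob", "approver"))                         # prerequisite violation
    print(p.allowed(["line_supervisor"], "read_inventory", "warehouse"))  # True via cooperation
```

The split between `assign` and `activate` is the point of the SSD/DSD distinction: SSD is enforced once, against the user's whole assignment set, while DSD is enforced on every session so a user who legitimately holds two conflicting roles can still never exercise them at the same time. Keeping the cooperation relation as explicit data means an administrator can audit exactly which cross-department accesses exist by listing that set, which is the resource-sharing view the abstract describes.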
