Generalized role-based access control

Generalized Role-Based Access Control (GRBAC) is a new paradigm for creating and maintaining rich access control policies. GRBAC leverages and extends the power of traditional role-based access control (RBAC) by incorporating subject roles, object roles and environment roles into access control decisions. Subject roles are like traditional RBAC roles: they abstract the security-relevant characteristics of subjects into categories that can be used in defining a security policy. Similarly, object roles abstract the various properties of objects, such as object type (e.g., text, JPEG, executable) or sensitivity level (e.g., classified, top secret), into categories. Environment roles capture environmental information, such as time of day or system load, so that it can be used to mediate access control. Together, these three types of roles offer flexibility and expressive power, as well as a degree of usability not found in current access control models.
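To make the three-role decision concrete, here is an added toy evaluator (not code from the paper) in which a request is granted only when some policy rule names a subject role, an object role and an environment role that are all active for that request. The attribute names, thresholds and rules are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed toy GRBAC evaluator (added example, not the paper's code): every
# rule binds one subject role, one object role, one environment role and an
# operation, so the environment can veto an otherwise-permitted access.

@dataclass
class Request:
    subject: dict      # e.g. {"dept": "hr", "clearance": 2}
    obj: dict          # e.g. {"type": "text", "sensitivity": 3}
    env: dict          # e.g. {"weekday": 1, "hour": 10, "load": 0.4}
    operation: str

# Role-assignment functions map raw attributes onto the role names the policy
# speaks in. The attribute names and thresholds here are assumptions.
def subject_roles(s: dict) -> set:
    roles = {f"dept:{s['dept']}"}
    if s.get("clearance", 0) >= 3:
        roles.add("cleared")
    return roles

def object_roles(o: dict) -> set:
    level = "classified" if o.get("sensitivity", 0) >= 3 else "unclassified"
    return {f"type:{o['type']}", level}

def environment_roles(e: dict) -> set:
    in_hours = e["weekday"] < 5 and 9 <= e["hour"] < 17
    return {"business-hours" if in_hours else "off-hours",
            "high-load" if e.get("load", 0) > 0.8 else "normal-load"}

# Each rule is (subject role, object role, environment role, operation).
POLICY = [
    ("dept:hr", "unclassified", "business-hours", "read"),
    ("cleared", "classified", "business-hours", "read"),
    ("dept:hr", "unclassified", "normal-load", "write"),
]

def decide(req: Request) -> bool:
    sr, orl, er = subject_roles(req.subject), object_roles(req.obj), environment_roles(req.env)
    return any(s in sr and o in orl and e in er and op == req.operation
               for s, o, e, op in POLICY)

def check(dept, clearance, otype, sensitivity, weekday, hour, load, op) -> bool:
    """Convenience wrapper building a Request from plain values."""
    return decide(Request({"dept": dept, "clearance": clearance},
                          {"type": otype, "sensitivity": sensitivity},
                          {"weekday": weekday, "hour": hour, "load": load}, op))
```

Note that the same HR subject reading the same unclassified file is granted at 10:00 on a weekday and denied at 20:00, purely because the active environment role changed.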
