UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

A key issue in RBAC systems is how to efficiently handle the user authorization process, that is, whether or not to grant a user's request to acquire a set of requested permissions or to activate a set of requested roles in a single session. The presence of hybrid hierarchies, together with cardinality and dynamic separation of duty (DSoD) constraints, makes the issue more complex. In this paper, we define this issue as the user authorization query problem, consisting of a role mapping problem and an activation checking problem. We also propose a set of algorithms to solve the role mapping and the activation checking problems. We show that our model is practical and flexible, and can deal with various cases in the presence of the hybrid hierarchy and cardinality/DSoD constraints.
