C-RBAC: Contextual role-based access control model

Because resources are now widely distributed, organizations want to know not only who made an access request, when, and from where, but also for what purpose the organization's resources are to be used. A flexible role-based access control model is therefore needed that supports the enforcement and revocation of context-aware policies and that considers not only time and location but also purpose when making access control decisions. In this article, we present a contextual model that builds mainly on role-based access control models while keeping the notion of purpose in mind. We introduce spatial purpose roles and spatial purposes, give their semantics, and provide the core model of the proposed Contextual Role-Based Access Control Model (C-RBAC). We emphasize that privacy protection cannot easily be achieved by traditional access control models, because they focus only on which user is performing what operation on what object. By introducing our model, we show how C-RBAC can use purpose-oriented roles to make access control decisions based on which user can perform what operation on which object for what purpose.
