论文信息 - Extended RBAC Model with Task-Constraint Rules

Extended RBAC Model with Task-Constraint Rules

RBAC model supports the principle of least privilege by the appropriate combination of roles assigned to users. However, the minimum role set is hard to find. Role hierarchy and inheritance can result in aggregating lots of permissions. To solve this problem, previous work mainly studies the approximate least privilege set by trying to find the minime role sets. However, to reduce the unnecessary privileges is another key issue to solve the problem. To this aim, the concept of task is taken as a kind of constraints introduced to the RBAC model, which contains four constraint rules that can flexibly control the permission inheritance and role activations. An example is showed the four rules can effectively be used to reduce redundanct permissions.

Li Ma | Yanjie Zhou | Wei Duan

[1] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[2] Ravi Sandhu,et al. The ASCAA principles for next-generation role-based access control , 2008 .

[3] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[4] Deng Ji. Task-Based Access Control Model , 2003 .

[5] Seog Park,et al. Task-role-based access control model , 2003, Inf. Syst..

[6] Lijun Dong,et al. How to Find a Rigorous Set of Roles for Application of RBAC , 2012, J. Softw..

[7] Wouter Joosen,et al. Least privilege analysis in software architectures , 2011, Software & Systems Modeling.

[8] Cai Jia-Yong,et al. implicit authorization analysis of role-based administrative model , 2009 .

[9] Vijayalakshmi Atluri,et al. Role-based Access Control , 1992 .

[10] Wouter Joosen,et al. Automated Detection of Least Privilege Violations in Software Architectures , 2010, ECSA.