On the role of roles: from role-based to role-sensitive access control

This paper maintains that for an access-control (AC) mechanism tosupport a wide range of policies, it is best to dispense with any built-insemantics for roles in the mechanism itself---be it the semantics of RBAC, orany other---leaving such semantics to be defined by particular policies. Inother words, an AC mechanism should be sensitive to roles, allowingspecific policies to take roles into account for their authorizationdecisions. But it should not be based on any particular interpretationof the structure of roles, or of their effect on access control. The validity of this assertion is demonstrated by showing that a mechanismcalled Law-governed interaction (LGI), which has no built-in concept of roles,can nevertheless support a wide range of policies that take roles intoaccount. These include RBAC itself, its various generalizations, as well asconcepts like budgetary controls, which seems to be quite inconsistent withRBAC. All such policies can be formulated, deployed, and enforced, via asingle scalable, and fully implemented LGI mechanism.

[1]  Konstantin Beznosov,et al.  Supporting relationships in access control using role based access control , 1999, RBAC '99.

[2]  Victoria Ungureanu,et al.  Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems , 2000, TSEM.

[3]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[4]  Tuomas Aura,et al.  Distributed Access-Rights Managements with Delegations Certificates , 2001, Secure Internet Programming.

[5]  Jean Bacon,et al.  A model of OASIS role-based access control and its support for active security , 2001, TSEC.

[6]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[7]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[8]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[9]  Victoria Ungureanu,et al.  Formal treatment of certificate revocation under communal access control , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[10]  Gail-Joon Ahn,et al.  Role-based access control on the web , 2001, TSEC.

[11]  Ravi S. Sandhu,et al.  PBDM: a flexible delegation model in RBAC , 2003, SACMAT '03.

[12]  Mark Strembeck,et al.  An approach to engineer and enforce context constraints in an RBAC environment , 2003, SACMAT '03.

[13]  Pietro Iglio,et al.  Role templates for content-based access control , 1997, RBAC '97.

[14]  Elisa Bertino,et al.  A system to specify and manage multipolicy access control models , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[15]  Elisa Bertino,et al.  Dependencies and separation of duty constraints in GTRBAC , 2003, SACMAT '03.

[16]  D. Richard Kuhn,et al.  A role-based access control model and reference implementation within a corporate intranet , 1999, TSEC.

[17]  Naftaly H. Minsky,et al.  Flexible Regulation of Distributed Coalitions , 2003, ESORICS.

[18]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[19]  Mustaque Ahamad,et al.  Generalized role-based access control , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[20]  Naftaly H. Minsky,et al.  The Imposition of Protocols Over Open Distributed Systems , 1991, IEEE Trans. Software Eng..

[21]  Jean Bacon,et al.  A model of OASIS role-based access control and its support for active security , 2002, ACM Trans. Inf. Syst. Secur..