Role Based Access Control for Web-Based Teaching Systems

A role based authorization program (RBAP) is a logic based framework which supports administrative privilege delegations for both roles and access rights. In this paper, we discuss how the application of RBAP can help in improving the security aspects of web-based teaching environments. To achieve this, various roles, objects, access rights and their delegations in such environments are defined. We also show how RBAP can be used to assist with specifying access control policies and role constraints and evaluating the appropriateness for utilization in web-based teaching environments.

[1]  Sushil Jajodia,et al.  A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[2]  Joan Feigenbaum,et al.  Delegation logic: A logic-based approach to distributed authorization , 2003, TSEC.

[3]  Ravi S. Sandhu,et al.  The ARBAC99 model for administration of roles , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[4]  Yuri Gurevich,et al.  DKAL: Distributed-Knowledge Authorization Language , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[5]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.