Authorization approaches for advanced permission-role assignments

Role-based access control (RBAC) has proven to be a flexible and useful access control model for information sharing in distributed collaborative environments. Permission-role assignment (PRA) is an important process in this model. However, problems may arise during PRA: conflicting permissions may be assigned to one role, and as a result a role holding those permissions can derive unexpected access capabilities. This paper analyzes the problems that arise during permission-role assignment in distributed collaborative environments and develops authorization allocation algorithms to address them. The algorithms are extended to the case of PRA with mobility of the permission-role relationship. Finally, comparisons with related work are discussed to demonstrate the effectiveness of the approach.
