Role-based proactive scheme in an access control hierarchy

Abstract: In contrast to user hierarchy access control (UHAC), we propose a role-based proactive hierarchy access control (RBPHAC) scheme to raise the trust level and facilitate the management of permissions in an access control scheme. By combining the role-based concept with proactive security, the RBPHAC scheme can easily adjust to class and role changes to give adaptable permissions relative to the UHAC scheme. The proposed scheme employs a proactive security mechanism that strengthens security by refreshing the secret keys. The core idea of our scheme is that a server managing the hierarchy class secret (HCS) keys is in charge of performing secure access to files or information. Unlike UHAC, the RBPHAC scheme uses the secret key associated with the user's role in the hierarchical structure to encrypt, decrypt, and convey files. Overall, the RBPHAC scheme remedies the management shortcomings of UHAC schemes and makes them more secure and easier to implement in real systems.
