论文信息 - A model for role administration using organization structure

A model for role administration using organization structure

Role-based access control (RBAC) is recognized as an excellent model for access control in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant shortcomings.We propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.

Ravi S. Sandhu | Sejong Oh

[1] Ravi S. Sandhu,et al. The URA97 Model for Role-Based User-Role Assignment , 1997, DBSec.

[2] Ravi S. Sandhu,et al. Role-based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation , 1999, J. Comput. Secur..

[3] Najam Perwaiz. Structured management of role-permission relationships , 2001, SACMAT '01.

[4] Ravi S. Sandhu,et al. Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[5] Ravi S. Sandhu,et al. The ARBAC99 model for administration of roles , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[6] Emil C. Lupu,et al. The uses of role hierarchies in access control , 1999, RBAC '99.

[7] Ravi S. Sandhu,et al. The ARBAC97 model for role-based administration of roles: preliminary description and outline , 1997, RBAC '97.

[8] Jonathan D. Moffett,et al. Control principles and role hierarchies , 1998, RBAC '98.

[9] Walid G. Aref,et al. Security models for web-based applications , 2001, CACM.

[10] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[11] Sylvia L. Osborn,et al. The role graph model and conflict of interest , 1999, TSEC.