A Trust and Unauthorized Operation Based RBAC (TUORBAC) Model

This paper introduces trust and unauthorized operations into the traditional RBAC model and proposes a trust and unauthorized operation based RBAC model (the TUORBAC model). The model offers greatly improved safety compared with the traditional RBAC model. Before a user activates roles, the TUORBAC model downgrades the user's roles according to the average severity of the user's historical unauthorized operations. When that average severity is high, the user's roles are downgraded directly to the lowest. Otherwise, the trust value is calculated, the user's roles are downgraded according to that value, and the downgraded roles are then activated. In addition, the model introduces downgrade roles, which store the user's downgraded roles. If the downgrade roles are non-empty, they are activated directly without being re-evaluated, which improves the efficiency of the system.
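A sketch of the activation flow described in the abstract, added here as an illustration and not taken from the paper. The role hierarchy, the 0.7 severity cut-off, the per-role trust minimums, the `trust_value` formula and the cache invalidation in `record_violation` are all assumptions, since the abstract does not specify them.

```python
from dataclasses import dataclass, field
from statistics import mean

# Assumed linear role hierarchy, most junior first, with the minimum trust
# (hypothetical values) required to activate each role.
HIERARCHY = [("guest", 0.0), ("clerk", 0.4), ("manager", 0.6), ("admin", 0.8)]
HIGH_SEVERITY = 0.7  # assumed cut-off for a "high" average severity (scale 0..1)

@dataclass
class User:
    name: str
    assigned_role: str
    violations: list = field(default_factory=list)       # severities in [0, 1]
    trust_inputs: tuple = (0, 0)                          # (legitimate, total) operations
    downgrade_roles: list = field(default_factory=list)  # stored downgraded roles

def trust_value(user):
    """Stand-in trust metric (assumption): share of legitimate past operations."""
    good, total = user.trust_inputs
    return good / total if total else 0.0

def downgrade(user):
    """Pick the role the user may activate, following the abstract's two branches."""
    rank = {role: i for i, (role, _) in enumerate(HIERARCHY)}
    ceiling = rank[user.assigned_role]
    avg = mean(user.violations) if user.violations else 0.0
    if avg >= HIGH_SEVERITY:
        return HIERARCHY[0][0]        # high severity: straight to the lowest role
    t = trust_value(user)
    allowed = [role for role, need in HIERARCHY[:ceiling + 1] if t >= need]
    return allowed[-1]                # most senior role the trust value supports

def activate(user):
    if not user.downgrade_roles:      # empty store: evaluate once and remember
        user.downgrade_roles = [downgrade(user)]
    return list(user.downgrade_roles) # non-empty store: no re-evaluation

def record_violation(user, severity):
    user.violations.append(severity)
    user.downgrade_roles.clear()      # assumption: new evidence invalidates the store

if __name__ == "__main__":
    carol = User("carol", "manager", [0.3], (5, 10))  # constructed sample user
    print(activate(carol))            # trust 0.5 supports clerk, not manager
    record_violation(carol, 1.0)
    record_violation(carol, 1.0)
    print(activate(carol))            # average severity now above the cut-off
```

The stored downgrade roles trade freshness for speed: unless something clears them, as `record_violation` does in this sketch, a user keeps the previously computed roles even after their history changes.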
