Permission Inheritance Expression with Role Hierarchy of RBAC

Expression of Access Permission Inheritance According to the Role Hierarchy in Role-Based Access Control

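  • 이상하 (Dong Seoul College, Department of Electronics and Communication) ;
  • 조인준 (Pai Chai University, Department of Computer Engineering) ;
  • 천은홍 (Woosuk University, Division of Information, Communication and Computer Engineering) ;
  • 김동규 (Ajou University, Division of Information and Computer Engineering)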
  • Published : 2000.07.01

Abstract

RBAC (Role-Based Access Control) has the advantage of reflecting the real world, because it provides a basic access control model based on users' roles in organizations or governments. In the RBAC model, however, senior roles in a role hierarchy inherit the privileges of their junior roles, so senior roles are given more privileges than they need. That is, the model tends to violate the Principle of Least Privilege. On the other hand, if excessive constraints are placed on the RBAC model without scrupulous care, the role hierarchy may lose its meaning. Furthermore, such complicated constraints make it more difficult to manage resources and roles in huge enterprise environments. The purpose of this paper is to solve problems of role hierarchies, such as inefficient role management and abuse of privileges, by using a newly presented backward tag pointer path expression for the inheritance of privileges.
