Abstract
Role Based Access Control (RBAC) [6] is a popular approach to specify and enforce security policies in organizations. In RBAC, users are not directly assigned permission but with the use of roles as the intermediary. Role activation is one important component in RBAC. A user may activate a subset of his/her assigned roles to exercise the associated permission. This paper proposes a number of ways in which the role activation constraints can be specified and enforced in the enterprise environment. Also, an access control model and an authorization process are proposed to support the specification and enforcement of dynamic separation of duty constraints in a decentralized manner.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bhamidipat, V., Sandhu, R.: Push architectures for user-role assignment. In: National Information Systems Security Conference (2000)
Bhatti, R., Joshi, J., Bertino, E., Ghafoor, A.: X-GTRBAC admin: a decentralized administration model for enterprise wide access control. In: SACMAT 2004: Proceedings of the ninth ACM symposium on Access control models and technologies, pp. 78–86. ACM Press, New York (2004)
Dunlop, N., Indulska, J., Raymond, K.: Dynamic policy model for large evolving enterprises. In: EDOC, p. 193 (2001)
Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3), 666–682 (2001)
Ferraiolo, D.F., Barklery, J.F., Richard Kuhn, D.: A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-based access control. Artech House, Boston (2003)
Hine, J.H., Yao, W., Bacon, J., Moody, K.: An architecture for distributed oasis services. In: Coulson, G., Sventek, J. (eds.) Middleware 2000. LNCS, vol. 1795, pp. 104–120. Springer, Heidelberg (2000)
Oh, S., Sandhu, R.: A model for role administration using organization structure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), Monterey, Calif., June 3-4, pp. 155–162. ACM, New York (2002)
Park, J.S., Sandhu, R.S., Ghanta, S.: Rbac on the web by secure cookies. In: DBSec, pp. 49–62 (1999)
Perwaiz, N.: Structured management of role-permission relationships. In: ACM Workshop on Role Based Access Control archive Proceedings of the sixth ACM symposium on Access control models and technologies, Chantilly, Virginia, United States, pp. 163–169 (2001)
Sandhu, R., Chandramouli, R.: Role based access control features in commercial database management systems. In: 21st National Information Systems Security Conference, Crystal City, Virginia, October 6-9 (1998)
Sandhu, D.F.R., Kuhn, R.: The nist model for role-based access control: Towards a unified standard. In: ACM Workshop on Role-Based Access Control (2000)
Sandhu, R.: Transaction control expressions for separation of duties. In: Proc. of the Fourth Computer Security Applications Conference, pp. 282–286 (1998)
Sandhu, R.: Role activation hierarchies. In: Symposium on Access Control Models and Technologies archive Proceedings of the third ACM workshop on Role-based access control, Fairfax, Virginia, United States, pp. 33–40 (1998) ISBN:1-58113-113-5
Sandhu, R.S., Munawer, Q.: The ARBAC 1999 model for administration of roles. In: Annual Computer Security Applicarions Conference, p. 229 (1999)
Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: IEEE Computer Security Foundations Workshop, pp. 183–194 (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lui, R.W.C., Chow, S.S.M., Hui, L.C.K., Yiu, S.M. (2005). Role Activation Management in Role Based Access Control. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_30
Download citation
DOI: https://doi.org/10.1007/11506157_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer ScienceComputer Science (R0)