Abstract
Many of the advantages of Role-Based Access Control (RBAC) accrue from the flexibility of its administrative models. Over the past two decades, several administrative models have been proposed to manage user-role, permission-role and, in some cases, role-role relations. These models are based on different administrative principles and bring inherent advantages and disadvantages. In this paper, we present a unified model, named Uni-ARBAC, for administering user-role and permission-role relations by combining many of the administrative principles and novel concepts from prior models. For example, instead of administering individual permissions, Uni-ARBAC combines permissions into tasks, which are assigned to roles as a unit. Analogously, users are assigned to user-pools, from which individual users are assigned to roles. The central concept of Uni-ARBAC is to integrate user-role and task-role administration into a more manageable unit called an Administrative Unit (AU). AUs partition roles, tasks and user-pools, and they are organized in a rooted tree hierarchy. Administrative users are assigned to AUs, with the possibility of restricting their authority to user-role assignment or task-role assignment. While most existing models assume the existence of administrative roles for managing regular roles, we present an approach for engineering AUs based on structured partitioning of roles and tasks.
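The following Python sketch is an added illustration of the structure the abstract describes; it is not code from the paper. It models Administrative Units that partition roles, tasks and user-pools, form a rooted tree, and are the scope of an administrator's authority, which can be limited to user-role ("UA") or task-role ("TA") assignment. All names (AU, role, task, pool, user and permission identifiers) are constructed. One assumption goes beyond the abstract: an administrator here may act only within the AU they are assigned to, not within its descendants, because the abstract does not state how authority flows down the tree.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AdminUnit:
    """One Administrative Unit: a disjoint slice of roles, tasks and user-pools."""
    name: str
    roles: frozenset
    tasks: frozenset
    user_pools: frozenset
    parent: Optional[str] = None  # None marks the single root of the AU tree


class UniARBAC:
    """Toy Uni-ARBAC-style state: AUs, pools, tasks, admins and the two relations."""

    def __init__(self):
        self.aus = {}            # AU name -> AdminUnit
        self.pool_members = {}   # user-pool -> set of users
        self.task_perms = {}     # task -> set of permissions bundled in the task
        self.admins = {}         # admin -> (AU name, scope); scope is "UA", "TA" or "both"
        self.user_roles = set()  # (user, role) pairs
        self.task_roles = set()  # (task, role) pairs

    def conflicting_au(self, au):
        """Name of an existing AU whose roles, tasks or pools overlap `au`, else None."""
        for other in self.aus.values():
            if (au.roles & other.roles or au.tasks & other.tasks
                    or au.user_pools & other.user_pools):
                return other.name
        return None

    def add_au(self, au):
        """Register an AU, enforcing the partition and rooted-tree properties."""
        clash = self.conflicting_au(au)
        if clash is not None:
            raise ValueError(f"AU {au.name} overlaps AU {clash}")
        if au.parent is None:
            if any(a.parent is None for a in self.aus.values()):
                raise ValueError("the AU tree may have only one root")
        elif au.parent not in self.aus:
            raise ValueError(f"parent AU {au.parent} must exist before {au.name}")
        self.aus[au.name] = au

    def _au_for(self, admin, needed_scope):
        """AU the admin may administer for this kind of assignment, or None."""
        entry = self.admins.get(admin)
        if entry is None:
            return None
        au_name, scope = entry
        if scope not in (needed_scope, "both"):
            return None
        return self.aus[au_name]

    def assign_user_to_role(self, admin, user, role):
        """UA: role must belong to the admin's AU and user to one of its pools."""
        au = self._au_for(admin, "UA")
        if au is None or role not in au.roles:
            return False
        if not any(user in self.pool_members.get(p, set()) for p in au.user_pools):
            return False
        self.user_roles.add((user, role))
        return True

    def assign_task_to_role(self, admin, task, role):
        """TA: both task and role must belong to the admin's AU."""
        au = self._au_for(admin, "TA")
        if au is None or role not in au.roles or task not in au.tasks:
            return False
        self.task_roles.add((task, role))
        return True

    def permissions_of(self, user):
        """Effective permissions: union of tasks on the user's roles."""
        roles = {r for u, r in self.user_roles if u == user}
        tasks = {t for t, r in self.task_roles if r in roles}
        perms = set()
        for t in tasks:
            perms |= self.task_perms.get(t, set())
        return perms


def build_demo():
    """Constructed sample state: a root AU 'corp' with one child AU 'finance'."""
    m = UniARBAC()
    m.add_au(AdminUnit("corp", frozenset({"employee"}),
                       frozenset({"read_handbook"}), frozenset({"all_staff"})))
    m.add_au(AdminUnit("finance", frozenset({"accountant", "auditor"}),
                       frozenset({"post_ledger", "review_ledger"}),
                       frozenset({"finance_staff"}), parent="corp"))
    m.pool_members = {"all_staff": {"alice", "bob"}, "finance_staff": {"alice"}}
    m.task_perms = {"post_ledger": {"ledger:write", "ledger:read"},
                    "review_ledger": {"ledger:read"},
                    "read_handbook": {"handbook:read"}}
    m.admins = {"fin_admin": ("finance", "both"),
                "fin_ua_only": ("finance", "UA"),
                "corp_admin": ("corp", "both")}
    return m


if __name__ == "__main__":
    demo = build_demo()
    print(demo.assign_task_to_role("fin_admin", "post_ledger", "accountant"))
    print(demo.assign_user_to_role("fin_admin", "alice", "accountant"))
    print(sorted(demo.permissions_of("alice")))
```

The two `assign_*` methods are the whole authorization check: an administrator scoped to "UA" cannot touch task-role pairs, and no administrator can reach a role, task or pool owned by another AU, which is exactly what the partition buys. `conflicting_au` makes the partition invariant testable before an AU is accepted into the tree.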
Acknowledgement
This research is partially supported by NSF Grants CNS-1111925 and CNS-1423481.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Biswas, P., Sandhu, R., Krishnan, R. (2016). Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_14
DOI: https://doi.org/10.1007/978-3-319-45871-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45870-0
Online ISBN: 978-3-319-45871-7
eBook Packages: Computer Science, Computer Science (R0)