Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9866)

Abstract

Many of the advantages of Role Based Access Control (RBAC) accrue from the flexibility of its administrative models. Over the past two decades, several administrative models have been proposed to manage user-role, permission-role and in some cases role-role relations. These models are based on different administrative principles and bring inherent advantages and disadvantages. In this paper, we present a unified model, named Uni-ARBAC, for administering user-role and permission-role relations by combining many of the administrative principles and novel concepts from prior models. For example, instead of administering individual permissions, Uni-ARBAC combines permissions into tasks which are assigned to roles as a unit. Slightly differently, users are assigned to user-pools from where individual users are assigned to roles. The central concept of Uni-ARBAC is to integrate user-role and task-role administration into a more manageable unit called an Administrative Unit (AU). AUs partition roles, tasks and user-pools and they are organized in a rooted tree hierarchy. Administrative users are assigned to AUs with the possibility of restricting their authority to user-role assignment or task-role assignment. While most existing models assume the existence of administrative roles for managing regular roles, we present an approach for engineering AUs based on structured partitioning of roles and tasks.
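The structure the abstract describes can be sketched in code. The following is an added illustration, not code from the paper: the class and function names, the sample AUs and users, and three rules (authority on an AU also covers its descendants; a user must sit in a user-pool of the role's AU; a task must belong to the role's AU) are assumptions, since the abstract does not give the formal authorization rules.

```python
from dataclasses import dataclass, field

@dataclass
class AU:
    name: str
    parent: "str | None"                      # None only for the root AU
    roles: set = field(default_factory=set)
    tasks: set = field(default_factory=set)
    pools: set = field(default_factory=set)   # user-pools

class Model:
    def __init__(self):
        self.aus, self.pool_members = {}, {}  # AU name -> AU, pool -> users
        self.grants = {}                      # admin -> {AU name: {"user-role", "task-role"}}

    def add_au(self, au):
        has_root = any(a.parent is None for a in self.aus.values())
        if (au.parent is None and has_root) or (au.parent is not None and au.parent not in self.aus):
            raise ValueError("AUs must form one rooted tree")
        for o in self.aus.values():           # partition: nothing lives in two AUs
            if au.roles & o.roles or au.tasks & o.tasks or au.pools & o.pools:
                raise ValueError(f"{au.name} overlaps {o.name}")
        self.aus[au.name] = au

    def _authorized(self, admin, au_name, kind):
        # Assumption: authority granted on an AU also covers its descendants.
        while au_name is not None:
            if kind in self.grants.get(admin, {}).get(au_name, ()):
                return True
            au_name = self.aus[au_name].parent
        return False

    def can_assign(self, admin, kind, item, role):  # kind: "user-role" | "task-role"
        au = next((a for a in self.aus.values() if role in a.roles), None)
        if au is None or not self._authorized(admin, au.name, kind):
            return False
        if kind == "user-role":               # assumption: user is in one of this AU's pools
            return any(item in self.pool_members.get(p, ()) for p in au.pools)
        return item in au.tasks               # assumption: task belongs to the role's AU

def build_example():                          # constructed sample data
    m = Model()
    m.add_au(AU("root", None))
    m.add_au(AU("eng", "root", {"dev"}, {"commit-code"}, {"eng-staff"}))
    m.add_au(AU("hr", "root", {"recruiter"}, {"post-job"}, {"hr-staff"}))
    m.pool_members = {"eng-staff": {"bob"}, "hr-staff": {"carol"}}
    m.grants = {"alice": {"eng": {"user-role"}}, "rita": {"root": {"user-role", "task-role"}}}
    return m
```

In the sample data, alice is limited to user-role assignment inside the eng AU, while rita holds both kinds of authority at the root.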

Acknowledgement

This research is partially supported by NSF Grants CNS-1111925 and CNS-1423481.

Correspondence to Ravi Sandhu.

© 2016 Springer International Publishing Switzerland

Cite this paper

Biswas, P., Sandhu, R., Krishnan, R. (2016). Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science, vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_14

  • DOI: https://doi.org/10.1007/978-3-319-45871-7_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45870-0

  • Online ISBN: 978-3-319-45871-7

  • eBook Packages: Computer Science (R0)