Abstract
In current operating systems, the strength of the authentication mechanism has no bearing on the user's authorization, which leaves a security weakness: a user who has passed only a weak authentication mechanism may still hold many access rights. This paper first puts forward the idea of authentication trustworthiness, the aim being to assign each authenticated user an authentication trustworthiness. The system decides which access rights the user will have according to that trustworthiness. The stronger the authentication mechanism, the greater the user's authentication trustworthiness. The user's authentication trustworthiness is taken as one of the access control decision elements, so as to prevent a user with less trustworthiness from holding many access rights. Based on authentication trustworthiness, this paper puts forward the authentication trustworthiness-based RBAC model. The model associates authentication trustworthiness with the RBAC model, and the authentication trustworthiness of the authenticated user serves as decision information for activating roles and permissions: only users who satisfy the role trust activation condition can activate their roles, and only users who satisfy the permission trust activation condition can activate their permissions. The model provides trust authorization through role and permission trust activation, and satisfies the requirement that authentication mechanisms of different strength correspond to different access rights.
Supported by the National High-Tech Research and Development Plan of China under Grant No.2002AA1Z2101, “Operating System kernel for Server”.
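The two activation checks described in the abstract can be sketched as follows. This is an added example, not code from the paper: the integer trust levels, mechanism names, role and permission names, and the fail-closed handling of unconfigured thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from math import inf

# Assumed trust levels per authentication mechanism (stronger => larger).
AUTH_TRUST = {"password": 1, "otp": 2, "smartcard_pin": 3}

@dataclass
class Policy:
    user_roles: dict   # user -> roles assigned (UA)
    role_perms: dict   # role -> permissions assigned (PA)
    role_trust: dict   # role -> minimum trust to activate the role
    perm_trust: dict   # permission -> minimum trust to activate it

@dataclass
class Session:
    user: str
    trust: int
    roles: set = field(default_factory=set)

def login(user, mechanism):
    # Unknown mechanisms raise KeyError rather than receiving a default trust.
    return Session(user, AUTH_TRUST[mechanism])

def activate_role(policy, s, role):
    """Role trust activation: role must be assigned AND trust must suffice."""
    assigned = role in policy.user_roles.get(s.user, set())
    # A role with no configured threshold can never be activated (fail closed).
    if assigned and s.trust >= policy.role_trust.get(role, inf):
        s.roles.add(role)
        return True
    return False

def check_access(policy, s, perm):
    """Permission trust activation, evaluated on every access decision."""
    if s.trust < policy.perm_trust.get(perm, inf):
        return False
    return any(perm in policy.role_perms.get(r, set()) for r in s.roles)

def effective_rights(policy, user, mechanism):
    s = login(user, mechanism)
    for role in policy.user_roles.get(user, set()):
        activate_role(policy, s, role)
    perms = set().union(*(policy.role_perms.get(r, set()) for r in s.roles))
    return sorted(p for p in perms if check_access(policy, s, p))

# Constructed sample policy (all names and thresholds are hypothetical).
POLICY = Policy(
    user_roles={"alice": {"auditor", "sysadmin"}},
    role_perms={"auditor": {"read_log"},
                "sysadmin": {"read_log", "add_user", "load_module"}},
    role_trust={"auditor": 1, "sysadmin": 2},
    perm_trust={"read_log": 1, "add_user": 2, "load_module": 3},
)
```

With this policy the same user holds one, two or three permissions depending on the mechanism used to log in, even though the role assignment never changes.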
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, L., Wei, L., Liao, X., Wang, H. (2004). AT-RBAC: An Authentication Trustworthiness-Based RBAC Model. In: Jin, H., Pan, Y., Xiao, N., Sun, J. (eds) Grid and Cooperative Computing - GCC 2004 Workshops. GCC 2004. Lecture Notes in Computer Science, vol 3252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30207-0_43
DOI: https://doi.org/10.1007/978-3-540-30207-0_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23578-1
Online ISBN: 978-3-540-30207-0
eBook Packages: Springer Book Archive