Abstract
Role-based access control (RBAC) models have received broad support as a generalized approach to access control. However, there are requirements to limit the maximum number of usage times of roles assigned to users, that cannot be modeled under current RBAC models. We present UC-RBAC model, an extended RBAC model, to tackle such dynamic aspects. UC-RBAC supports such constraints during periodic time. The constraints can be set to limit the usage of a role of both a specified user and all users assigned to the role. The formal definition and semantics of the model are presented.
This research was supported in part by NSFC Grant 60025205, 60273027, Chinese National 973 Project G1999035802 and Chinese National 863 Project 2002AA141080.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sandhu, R., Ferraiolo, D., Kuhn, D.: The NIST model for role-based access control: towards a unified standard. In: Proceedings of Fifth ACM Workshop on Role-Based Access Control, Phoenix, AZ, pp. 47–63 (2000)
Tassey, G., Gallaher, M.P., et al.: Economic Impact Assessment of NIST’s Role-Based Access Control (RBAC) Program (2003), http://www.nist.gov/director/prog-ofc/report02-1.pdf
American National Standard for Information Technology – Role Based Access Control (2003), http://csrc.nist.gov/rbac/rbac-std-ncits.pdf
Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC) 4(3), 191–233 (2001)
Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of the 23rd National Information Systems Security Conferencem, Baltimore, Md., October 2000, pp. 16–19 (2000)
Jaeger, T.: On the increasing importance of constraints. In: Proceedings of the fourth ACM workshop on Role-based access control, October 28–29, pp. 33–42 (1999)
Ferraiolo, D., Kuhn, D.: Role based access control. In: Proceedings of the 15th Annual Conference on National (USA) Computer Security, Gaithersburg, MD, pp. 554–563 (1992)
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. Computer 29(2), 38–47 (1996)
Sandhu, R.: Role hierarchies and constraints for lattice-based access controls. In: Bertino, E. (ed.) Proceedings of the Fourth European Symposium on Research in Computer Security (ESORICS 1996), Rome, Italy, September 1996, Springer, Heidelberg (1996)
Giuri, L., Iglio, P.: A formal model for role-based access control with constraints. In: Proceedings of 9th IEEE Workshop on Computer Security Foundations, Kenmare, Ireland, pp. 136–145. IEEE Press, Piscataway (1996)
Ahn, G.-J., Sandhu, R.: Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC) 3(4), 207–226 (2000)
Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC) 4(3), 191–233 (2001)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems (TODS) 23(3), 231–285 (1998)
Niezette, M., Stevenne, J.: An efficient symbolic representation of periodic time. In: Proc. First International Conference on Information and Knowledge Management (1992)
Abrams, M., et al.: Generalized Framework for Access Control: Towards Prototyping the ORGCON Policy. In: Proceedings of the 14th National Computing Security Conference, pp. 257–266 (1991)
Park, J., Sandhu, R.: Towards Usage Control Models: Beyond Traditional Access Control. In: Proc. of the 7th ACM Symposium on Access Control Models and Technologies (2002)
Park, J., Sandhu, R.: Originator Control in Usage Control. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), June 5-7, pp. 60–68 (2002)
Crampton, J.: Specifying and enforcing constraints in role-based access control. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 43–50 (2003)
Neumann, G., Strembeck, M.: An approach to engineer and enforce context constraints in an RBAC environment. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 65–79 (2003)
Joshi, J.B.D., Shafiq, B., Ghafoor, A., Bertino, E.: Dependencies and separation of duty constraints in GTRBAC. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 51–64 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xu, Z., Feng, D., Li, L., Chen, H. (2003). UC-RBAC: A Usage Constrained Role-Based Access Control Model. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_31
Download citation
DOI: https://doi.org/10.1007/978-3-540-39927-8_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20150-2
Online ISBN: 978-3-540-39927-8
eBook Packages: Springer Book Archive