Skip to main content
SpringerLink
Log in

UC-RBAC: A Usage Constrained Role-Based Access Control Model

  • Conference paper
Information and Communications Security (ICICS 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2836))

Included in the following conference series:

Abstract

Role-based access control (RBAC) models have received broad support as a generalized approach to access control. However, there are requirements to limit the maximum number of usage times of roles assigned to users, that cannot be modeled under current RBAC models. We present UC-RBAC model, an extended RBAC model, to tackle such dynamic aspects. UC-RBAC supports such constraints during periodic time. The constraints can be set to limit the usage of a role of both a specified user and all users assigned to the role. The formal definition and semantics of the model are presented.

This research was supported in part by NSFC Grant 60025205, 60273027, Chinese National 973 Project G1999035802 and Chinese National 863 Project 2002AA141080.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Sandhu, R., Ferraiolo, D., Kuhn, D.: The NIST model for role-based access control: towards a unified standard. In: Proceedings of Fifth ACM Workshop on Role-Based Access Control, Phoenix, AZ, pp. 47–63 (2000)

    Google Scholar 

  2. Tassey, G., Gallaher, M.P., et al.: Economic Impact Assessment of NIST’s Role-Based Access Control (RBAC) Program (2003), http://www.nist.gov/director/prog-ofc/report02-1.pdf

  3. American National Standard for Information Technology – Role Based Access Control (2003), http://csrc.nist.gov/rbac/rbac-std-ncits.pdf

  4. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC) 4(3), 191–233 (2001)

    Article  Google Scholar 

  5. Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of the 23rd National Information Systems Security Conferencem, Baltimore, Md., October 2000, pp. 16–19 (2000)

    Google Scholar 

  6. Jaeger, T.: On the increasing importance of constraints. In: Proceedings of the fourth ACM workshop on Role-based access control, October 28–29, pp. 33–42 (1999)

    Google Scholar 

  7. Ferraiolo, D., Kuhn, D.: Role based access control. In: Proceedings of the 15th Annual Conference on National (USA) Computer Security, Gaithersburg, MD, pp. 554–563 (1992)

    Google Scholar 

  8. Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  9. Sandhu, R.: Role hierarchies and constraints for lattice-based access controls. In: Bertino, E. (ed.) Proceedings of the Fourth European Symposium on Research in Computer Security (ESORICS 1996), Rome, Italy, September 1996, Springer, Heidelberg (1996)

    Google Scholar 

  10. Giuri, L., Iglio, P.: A formal model for role-based access control with constraints. In: Proceedings of 9th IEEE Workshop on Computer Security Foundations, Kenmare, Ireland, pp. 136–145. IEEE Press, Piscataway (1996)

    Chapter  Google Scholar 

  11. Ahn, G.-J., Sandhu, R.: Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC) 3(4), 207–226 (2000)

    Article  Google Scholar 

  12. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC) 4(3), 191–233 (2001)

    Article  Google Scholar 

  13. Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems (TODS) 23(3), 231–285 (1998)

    Article  Google Scholar 

  14. Niezette, M., Stevenne, J.: An efficient symbolic representation of periodic time. In: Proc. First International Conference on Information and Knowledge Management (1992)

    Google Scholar 

  15. Abrams, M., et al.: Generalized Framework for Access Control: Towards Prototyping the ORGCON Policy. In: Proceedings of the 14th National Computing Security Conference, pp. 257–266 (1991)

    Google Scholar 

  16. Park, J., Sandhu, R.: Towards Usage Control Models: Beyond Traditional Access Control. In: Proc. of the 7th ACM Symposium on Access Control Models and Technologies (2002)

    Google Scholar 

  17. Park, J., Sandhu, R.: Originator Control in Usage Control. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), June 5-7, pp. 60–68 (2002)

    Google Scholar 

  18. Crampton, J.: Specifying and enforcing constraints in role-based access control. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 43–50 (2003)

    Google Scholar 

  19. Neumann, G., Strembeck, M.: An approach to engineer and enforce context constraints in an RBAC environment. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 65–79 (2003)

    Google Scholar 

  20. Joshi, J.B.D., Shafiq, B., Ghafoor, A., Bertino, E.: Dependencies and separation of duty constraints in GTRBAC. In: Proceedings of the eighth ACM symposium on Access control models and technologies, pp. 51–64 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Lab. of Information security, ISCAS, Haidian district, Zhongguancun South 4th Street No. 4, Beijing, China

    Zhen Xu, Dengguo Feng, Lan Li & Hua Chen

Authors
  1. Zhen Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hua Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Softwear, Chinese Academy of Sciences, 100080, Beijing, China

    Sihan Qing

  2. Institute for Security in Distributed Applications, Hamburg University of Technology, 21071, Hamburg, Germany

    Dieter Gollmann

  3. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xu, Z., Feng, D., Li, L., Chen, H. (2003). UC-RBAC: A Usage Constrained Role-Based Access Control Model. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-39927-8_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20150-2

  • Online ISBN: 978-3-540-39927-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation