Management Advantages of Object Classification in Role-Based Access Control (RBAC)

  • Conference paper
Advances in Computer Science – ASIAN 2007. Computer and Network Security (ASIAN 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4846)

Abstract

This paper investigates the advantages of enabling object classification in role-based access control (RBAC). First, it is shown how the merits of the RBAC models can be ascribed to their use of abstraction and state of dependencies. Following the same arguments, it is shown how the inclusion of object classification will ameliorate dependencies and abstractions in the model. The discussion examines seven criteria to compare object-classification-enabled RBAC with plain RBAC and trivial-permission-assignment models, in order to show the advantages of object classification in a more formal manner. The criteria are: number and complexity of decisions, change management cost, risk of errors, policy portability and reuse, enforcement and compliance, support for traditional information classification policies, and object grouping and management support.

Editor information

Iliano Cervesato

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jafari, M., Fathian, M. (2007). Management Advantages of Object Classification in Role-Based Access Control (RBAC). In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_11

  • DOI: https://doi.org/10.1007/978-3-540-76929-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76927-9

  • Online ISBN: 978-3-540-76929-3

  • eBook Packages: Computer Science (R0)
