An effective role administration model using organization structure

Published: 01 May 2006

Abstract

Role-based access control (RBAC) is a well-accepted model for access control in an enterprise environment. When we apply the RBAC model to large enterprises, effective role administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges and prerequisite conditions, where prerequisite conditions effectively work as a restricted pool from which administrative roles pick users or permissions. Although attractive and elegant in their own right, these mechanisms have significant shortcomings. In this paper, we propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 introduces the concept of organization structure for defining user and permission pools independent of roles and role hierarchies, with a refined prerequisite condition specification. In addition, we present a bottom-up approach to permission-role administration, in contrast to the top-down approach in ARBAC97. As a general solution, we illustrate how organization structure-based security administration applies to other access control models, such as the access control list model and the lattice-based access control model.

Published In

ACM Transactions on Information and System Security, Volume 9, Issue 2
May 2006
122 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1151414

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Access control
2. RBAC
3. role administration
4. role-based access control
