ABSTRACT
In this paper, we follow the role-based access control (RBAC) approach and extend it to provide for the dynamic association of roles with users. In our framework, privileges associated with resources are assigned depending on the attribute values of the resources; attribute values associated with users determine the association of users with privileges; and a location mapping function between physical and logical locations allows roles to be enabled or disabled depending on the logical location of the users, thus preserving the privacy of the location. We use Semantic Web technologies and a graphical user interface based on the Google Maps API.
Index Terms
- A location aware role and attribute based access control system