DOI: 10.1145/3102304.3109817

An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security

Published: 19 July 2017

Abstract

Role-based access control (RBAC) is a widely used protocol for designing and building access control that provides system security with respect to authorization. In the context of access to internet resources, authentication and access control provide critical functionality. In practice, the RBAC model has three perspectives: Access Control, End User, and Administrator. An access control model must be built giving the highest priority to the Access Control dimension, which means that the system must be secure regarding authorization. As a result, the system may be less useful for end users and administrators. In this paper, we identify that the basic motivation behind the RBAC model is easier administration rather than tight authorization, and that this became the reason for the evolution of the RBAC model. Tight authorization creates many problems when making a system secure regarding authorization. Therefore, this study identifies the true dimensions of the RBAC model in order to change the mindset of researchers: RBAC evolved for easier administration instead of tight access control. We propose a solution that incorporates the concept of roles for relaxed administration alongside permission-based access control. Moreover, we conclude that dynamic separation of duty (DSD) should be implemented by permissions instead of roles in the RBAC model.
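An illustration of the abstract's closing point, added here and not taken from the paper: a session-activation check with DSD expressed over roles and then over permissions, run on a constructed policy. Every role name, permission name and function name below is an assumption made for the example.

```python
from itertools import combinations

# Constructed policy (illustrative names, not from the paper).
ROLE_PERMS = {
    "clerk":      {"invoice.create", "invoice.read"},
    "supervisor": {"invoice.approve", "invoice.read"},
    "auditor":    {"invoice.read", "ledger.read"},
    # A convenience role added later by an administrator; it quietly
    # carries one half of a conflicting permission pair.
    "month_end":  {"invoice.approve", "ledger.read"},
}
# Role-level DSD: role sets that may not be fully active in one session
# (simplified: the whole set must be present to trigger the constraint).
DSD_ROLES = [{"clerk", "supervisor"}]
# Permission-level DSD: permission sets that may not be jointly usable
# within one session, whichever roles supply them.
DSD_PERMS = [{"invoice.create", "invoice.approve"}]


def session_perms(active_roles):
    """Effective permissions of a session with these roles activated."""
    return set().union(*(ROLE_PERMS[r] for r in active_roles))


def role_dsd_allows(active_roles, new_role):
    """Allow activation unless it completes a mutually exclusive role set."""
    after = set(active_roles) | {new_role}
    return not any(excl <= after for excl in DSD_ROLES)


def perm_dsd_allows(active_roles, new_role):
    """Allow activation unless the session would hold a conflicting permission set."""
    after = session_perms(set(active_roles) | {new_role})
    return not any(conflict <= after for conflict in DSD_PERMS)


def uncovered_role_pairs():
    """Role pairs the role-level rule admits although together they hold
    a conflicting permission set: the gap permission-level DSD closes."""
    return [(a, b) for a, b in combinations(sorted(ROLE_PERMS), 2)
            if role_dsd_allows({a}, b) and not perm_dsd_allows({a}, b)]


if __name__ == "__main__":
    print("role-level DSD, clerk + month_end:", role_dsd_allows({"clerk"}, "month_end"))
    print("perm-level DSD, clerk + month_end:", perm_dsd_allows({"clerk"}, "month_end"))
    print("pairs missed by role-level DSD:", uncovered_role_pairs())
```

The role-level rule only knows the pairs someone remembered to declare, so each new role requires revisiting the constraint list; the permission-level rule is stated once against the conflicting operations.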



    Published In

    ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems
    July 2017
    325 pages
    ISBN:9781450348447
    DOI:10.1145/3102304

    In-Cooperation

    • LABSTICC: Labsticc

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Access control
    2. Authentication
    3. Discretionary Access Control
    4. Dynamic separation of duty
    5. RBAC model
    6. Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICFNDS '17


    Cited By

    • (2021) Systematic Analysis of Artificial Intelligence-Based Platforms for Identifying Governance and Access Control. Security and Communication Networks, 2021. DOI: 10.1155/2021/8686469. Online publication date: 18-Dec-2021
    • (2020) Blockchain-based Supply Chain for the Automation of Transaction Process: Case Study based Validation. 2020 International Conference on Engineering and Emerging Technologies (ICEET), pp. 1-7. DOI: 10.1109/ICEET48479.2020.9048213. Online publication date: Feb-2020
    • (2020) Fundamental Issues of Future Internet of Things. 2020 International Conference on Engineering and Emerging Technologies (ICEET), pp. 1-6. DOI: 10.1109/ICEET48479.2020.9048199. Online publication date: Feb-2020
    • (2018) Survey: Security and Trust Management in Internet of Things. 2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN), pp. 131-134. DOI: 10.1109/GCWCN.2018.8668640. Online publication date: Nov-2018
