To see the other types of publications on this topic, follow the link: Role based access control (RBAC).
Journal articles on the topic 'Role based access control (RBAC)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Role based access control (RBAC).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Wang, Zhen Wu. "A Flexible Role Based Access Control Engine Model." Advanced Materials Research 403-408 (November 2011): 2477–80. http://dx.doi.org/10.4028/www.scientific.net/amr.403-408.2477.
Full textAbstract:
The normal role-based access control (RBAC) model decouples users and permissions through roles,and different software systems have different implementation syteles.The paper proposes an engine model which can configure the RBAC management systems flexibly.It is a configuration tool to generate different RBAC management systems which meet different users’ requirements. The practice proves that the engine model can improve the efficiency and quality of software development. The role-based access control model decouples users and permissions through roles in order to simplify authorized operations and safety management[1]. Many literatures[2-6] discuss the RBAC model from different aspects. Some literatures[2-3] add new elements to the normal RBAC model,and these models are unidimensional according to the manipulated resources.For example, the NIST RBAC reference model [2] extends and standardize the RBAC96 [1] model reasonably.Some literatures[4-5] introduce time property to RBAC model and they are two-dimensional models according to the manipulated resources.Literature[6] furtherly add visual data muster to RBAC model and proposes a three-dimensional access control model. All of these models only discuss access control model theoretically,and different role-based access control modules in software systems have different instantiation sytles.For example, a RBAC module in one software system can not meet the access control requirements in another system because different RBAC modules have different table fields in order to realize certain requirements. This paper proposes a flexible role-based access control engine which can configure the RBAC module for different systmes according to each customer’s requirement.The engine is a configuration tool and it can realize various RBAC modules which have different table fields in database.The paper is organized as follows.Section I introduces the basic concepts of the NIST RBAC model;Seciton II details the description of RBAC engine model and gives the configuration steps using this engine to generate RBAC instances,and at last section III gives an example and concludes the paper.
2
Aftab, Muhammad Umar, Zhiguang Qin, Negalign Wake Hundera, Oluwasanmi Ariyo, Zakria, Ngo Tung Son, and Tran Van Dinh. "Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model." Symmetry 11, no. 5 (May 15, 2019): 669. http://dx.doi.org/10.3390/sym11050669.
Full textAbstract:
A major development in the field of access control is the dominant role-based access control (RBAC) scheme. The fascination of RBAC lies in its enhanced security along with the concept of roles. In addition, attribute-based access control (ABAC) is added to the access control models, which is famous for its dynamic behavior. Separation of duty (SOD) is used for enforcing least privilege concept in RBAC and ABAC. Moreover, SOD is a powerful tool that is used to protect an organization from internal security attacks and threats. Different problems have been found in the implementation of SOD at the role level. This paper discusses that the implementation of SOD on the level of roles is not a good option. Therefore, this paper proposes a hybrid access control model to implement SOD on the basis of permissions. The first part of the proposed model is based on the addition of attributes with dynamic characteristics in the RBAC model, whereas the second part of the model implements the permission-based SOD in dynamic RBAC model. Moreover, in comparison with previous models, performance and feature analysis are performed to show the strength of dynamic RBAC model. This model improves the performance of the RBAC model in terms of time, dynamicity, and automatic permissions and roles assignment. At the same time, this model also reduces the administrator’s load and provides a flexible, dynamic, and secure access control model.
3
Rashid, Mamoon, and Er Rishma Chawla. "Securing Data Storage By Extending Role-Based Access Control." International Journal of Cloud Applications and Computing 3, no. 4 (October 2013): 28–37. http://dx.doi.org/10.4018/ijcac.2013100103.
Full textAbstract:
Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management and ability to model organizational structure and their capability to reduce administrative expenses. In this paper, the authors highlight the drawbacks of RBAC models in terms of access control and authorization and later provide a more viable extended-RBAC model, which enhances and extends its powers to make any Cloud Server more secure by adding valuable constraints. Later the Blobs are stored on cloud server which is then accessed by the end users via this Extended RBAC model. The authors describe a practical implementation of the proposed extended RBAC based architecture and discuss the performance results with its base models. The authors later show how the users with different premiums can access this architecture in a better way and also how the unknown users for this architecture can be denied the usage of services by adding valuable constraints.
4
Gao, Lei, and Shu Lin Pan. "Fine-Grained Access Control Model Based on RBAC." Advanced Materials Research 468-471 (February 2012): 1667–70. http://dx.doi.org/10.4028/www.scientific.net/amr.468-471.1667.
Full textAbstract:
Military information system has unusually tough restrictions on the rank, and attaches weight to the safety and secrecy of the information. This makes the higher demands on access control on information. So a new access control model based on RBAC is prompted against the limitation of the existing models of RBAC. This model is named as fine-grained access control model based on RBAC. This model not only assigns different roles to different users, but also adds an attribute of department ,so the role and the department are combined; It realizes fine-grained access control and refines to controls of pages, so this keeps access control more precise; Role tree is used to define roles and in order to prevent the problem brought up by role inheriting, it impose s restrictions on whether it can role inherit; At last, ACL store the especial instances’ alteration. When a control is accessed, it will examine the role and department and then judge whether it can role inherit and then judge by combing ACL. So this will attain access control objective. The fulfillment indicates that this model can meet the requirement of real application of military information management system.
5
Nyame, Gabriel, and Zhiguang Qin. "Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework." Information 11, no. 6 (June 22, 2020): 334. http://dx.doi.org/10.3390/info11060334.
Full textAbstract:
Role-based access control (RBAC) continues to gain popularity in the management of authorization concerning access to knowledge assets in organizations. As a socio-technical concept, the notion of role in RBAC has been overemphasized, while very little attention is given to the precursors: role strain, role ambiguity, and role conflict. These constructs provide more significant insights into RBAC design in Knowledge Management Systems (KMS). KMS is the technology-based knowledge management tool used to acquire, store, share, and apply knowledge for improved collaboration and knowledge-value creation. In this paper, we propose eight propositions that require future research concerning the RBAC system for knowledge security. In addition, we propose a model that integrates these precursors and RBAC to deepen the understanding of these constructs. Further, we examine these precursory constructs in a socio-technical fashion relative to RBAC in the organizational context and the status–role relationship effects. We carried out conceptual analysis and synthesis of the relevant literature, and present a model that involves the three essential precursors that play crucial roles in role mining and engineering in RBAC design. Using an illustrative case study of two companies where 63 IT professionals participated in the study, the study established that the precursors positively and significantly increase the intractability of the RBAC system design. Our framework draws attention to both the management of organizations and RBAC system developers about the need to consider and analyze the precursors thoroughly before initiating the processes of policy engineering, role mining, and role engineering. The propositions stated in this study are important considerations for future work.
6
Huang, Dan Hua, and Ya Qian Yang. "Role-Based Risk Adaptive Access Control Model." Applied Mechanics and Materials 416-417 (September 2013): 1516–21. http://dx.doi.org/10.4028/www.scientific.net/amm.416-417.1516.
Full textAbstract:
To solve the problem of only considering constraint verification and ignoring current running environmental security, Economical risk is applied in Role-Based Access Control (RBAC) to weigh user needs and environmental security according to context information and current environment. A model for Role-Based Risk Adaptive Access Control (RRAAC) combining traditional RBAC with new Risk Adaptable Access Control (RAdAC), and the method of risk calculation used in RRAAC model and its mathematic analysis and verification are presented in this paper. This RRAAC model has already been realized in a general personnel management system and experimental result shows that this model possesses great flexibility and certain adaptability coping with environmental changes during access control and task executing in business processes.
7
Zhao, Yu Lan, and Chun Feng Jiang. "Research of Access Control Models in Personal Networks." Advanced Materials Research 989-994 (July 2014): 4751–54. http://dx.doi.org/10.4028/www.scientific.net/amr.989-994.4751.
Full textAbstract:
How to prevent illegal users from sharing system resources was one of the main purposes for MAGNET Security Group. This paper introduced some major access control models such as traditional access control models, role-based access control model (RBAC), task-based access control model (TBAC) and role-task-based access control model (T-RBAC). In the end, a feasible scheme PN_T-RBAC was proposed at the base of the T-RBAC model in existence, which was suitable for the coalition environment of personal networks.
8
de Carvalho Junior, Marcelo Antonio, and Paulo Bandiera-Paiva. "Health Information System Role-Based Access Control Current Security Trends and Challenges." Journal of Healthcare Engineering 2018 (2018): 1–8. http://dx.doi.org/10.1155/2018/6510249.
Full textAbstract:
Objective. This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method. We have selected articles related to our investigation theme “RBAC trends and limitations” in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: “Role-Based Access Control” OR “RBAC” AND “Health information System” OR “EHR” AND “Trends” OR “Challenges” OR “Security” OR “Authorization” OR “Attacks” OR “Permission Assignment” OR “Permission Relation” OR “Permission Mapping” OR “Constraint”. We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.
9
Abbdelkrim, Bouadjemi. "FORMAL DECISION MODELING FOR ROLE-BASED ACCESS CONTROL POLICIES." Advances in Mathematics: Scientific Journal 12, no. 3 (March 18, 2023): 465–77. http://dx.doi.org/10.37418/amsj.12.3.4.
Full textAbstract:
Role-Based Access Control (RBAC) has been widely used in information systems, including so-called critical systems. In business, workflows are used to control the flow of processes. One of the major issues concerning these processes is to be able to verify that a proposed process model strictly corresponds to the specifications to which it is supposed to respond. Access control models describe the frameworks that dictate permissions. The RBAC model is generally static, i.e. the access control decisions are: grant or deny. Dynamic and flexible access control is required. In order to increase the flexibility of access control, the notion of decision has been proposed. Decisions execute the requirements to be fulfilled. The main of this article is to use the decision to produce a dynamic model. Our model augments the dynamics of the RBAC model. It allows dynamically assigning permissions. For illustration, Feather's meeting management system is used. Finally, first-order logic is used to analyze the validity of the proposed model.
10
Mundbrod, Nicolas, and Manfred Reichert. "Object-Specific Role-Based Access Control." International Journal of Cooperative Information Systems 28, no. 01 (March 2019): 1950003. http://dx.doi.org/10.1142/s0218843019500035.
Full textAbstract:
The proper management of privacy and security constraints in information systems in general and access control in particular constitutes a tremendous, but still prevalent challenge. Role-based access control (RBAC) and its variations can be considered as the widely adopted approach to realize authorization in information systems. However, RBAC lacks a proper object-specific support, which disallows establishing the fine-grained access control required in many domains. By comparison, attribute-based access control (ABAC) enables a fine-grained access control based on policies and rules evaluating attributes. As a drawback, ABAC lacks the abstraction of roles. Moreover, it is challenging to engineer and to audit the granted privileges encoded in rule-based policies. This paper presents the generic approach of object-specific role-based access control (ORAC). On one hand, ORAC enables information system engineers, administrators and users to utilize the well-known principle of roles. On the other hand, ORAC allows realizing the access to objects in a fine-grained way where required. The approach was systematically established according to well-elicited key requirements for fine-grained access control in information systems. For the purpose of evaluation, the approach was applied to real-world scenarios and implemented in a proof-of-concept prototype demonstrating its feasibility and applicability.
11
Wang, Tao, and Qiang Wu. "Role Minimization Optimization Algorithm Based on Concept Lattice Factor." Mathematics 11, no. 14 (July 10, 2023): 3047. http://dx.doi.org/10.3390/math11143047.
Full textAbstract:
Role-based access control (RBAC) is a widely adopted security model that provides a flexible and scalable approach for managing permissions in various domains. One of the critical challenges in RBAC is the efficient assignment of roles to users while minimizing the number of roles involved. This article presents a novel role minimization optimization algorithm (RMOA) based on the concept lattice factor to address this challenge. The proposed RMOA leverages the concept lattice, a mathematical structure derived from formal concept analysis, to model and analyze the relationships between roles, permissions, and users in an RBAC system. By representing the RBAC system as a concept lattice, the algorithm captures the inherent hierarchy and dependencies among roles and identifies the optimal role assignment configuration. The RMOA operates in two phases: the first phase focuses on constructing the concept lattice from the RBAC system’s role–permission–user relations, while the second phase performs an optimization process to minimize the number of roles required for the access control. It determines the concept lattice factor using the concept lattice interval to discover the minimum set of roles. The optimization process considers both the user–role assignments and the permission–role assignments, ensuring that access requirements are met while reducing role proliferation. Experimental evaluations conducted on diverse RBAC datasets demonstrate the effectiveness of the proposed algorithm. The RMOA achieves significant reductions in the number of roles compared to existing role minimization approaches, while preserving the required access permissions for users. The algorithm’s efficiency is also validated by its ability to handle large-scale RBAC systems within reasonable computational time.
12
Zhao, Jiang Min, Jian Kang, and Tian Ge Li. "A Flexible Workflow Model of Role Based Access Control." Applied Mechanics and Materials 733 (February 2015): 784–87. http://dx.doi.org/10.4028/www.scientific.net/amm.733.784.
Full textAbstract:
For the shortcomings of the traditional workflow in flexibility, this paper analyzes the advantages of Role Based Access Control Technology (RBAC) in realizing procedure permission dynamic management. With RBAC applied in it, this paper also constructs the flexible workflow model of Role Based Access Control and gives out the definition of the engine as well as the components concerned. In addition, it also solves the problems of the flexible operation of resource and dynamic assigning tasks in the business process, and applies the engine into the specific business process.
13
Meneka, M., and K. Meenakshisundaram. "An Enhancement Role and Attribute Based Access Control Mechanism in Big Data." International Journal of Electrical and Computer Engineering (IJECE) 8, no. 5 (October 1, 2018): 3187. http://dx.doi.org/10.11591/ijece.v8i5.pp3187-3193.
Full textAbstract:
To be able to leverage big data to achieve enhanced strategic insight and make informed decision, an efficient access control mechanism is needed for ensuring end to end security of such information asset. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and Event Based Access Control (EBAC) are widely used access control mechanisms. The ABAC system is much more complex in terms of policy reviews, hence analyzing the policy and reviewing or changing user permission are quite complex task. RBAC system is labor intensive and time consuming to build a model instance and it lacks flexibility to efficiently adapt to changing user’s, objects and security policies. EBAC model considered only the events to allocate access controls. Yet these mechanisms have limitations and offer feature complimentary to each other. So in this paper, Event-Role-Attribute based fine grained Access Control mechanism is proposed, it provide a flexible boundary which effectively adapt to changing user’s, objects and security policies based on the event. The flexible boundary is achieved by using temporal and environment state of an event. It improves the big data security and overcomes the disadvantages of the ABAC and RBAC mechanisms. The experiments are conducted to prove the effectiveness of the proposed Event-Role-Attribute based Access Control mechanism over ABAC and RBAC in terms of computational overhead.
14
KUHLMANN, MIRCO, KARSTEN SOHR, and MARTIN GOGOLLA. "Employing UML and OCL for designing and analysing role-based access control." Mathematical Structures in Computer Science 23, no. 4 (July 8, 2013): 796–833. http://dx.doi.org/10.1017/s0960129512000266.
Full textAbstract:
The stringent security requirements of organisations like banks or hospitals frequently adopt role-based access control (RBAC) principles to represent and simplify their internal permission management. While representing a fundamental advanced RBAC concept enabling precise restrictions on access rights, authorisation constraints increase the complexity of the resulting security policies so that tool support for convenient creation and adequate validation is required. A particular contribution of our work is a new approach to developing and analysing RBAC policies using a UML-based domain-specific language (DSL), which allows the hiding of the mathematical structures of the underlying authorisation constraints implemented in OCL. The DSL we present is highly configurable and extensible with respect to new concepts and classes of authorisation constraints, and allows the developer to validate RBAC policies in an effective way. The handling of dynamic (that is, time-dependent) constraints, their visual representation through the RBAC DSL and their analysis all form another part of our contribution. The approach is supported by a UML and OCL validation tool.
15
Tsegaye, Tamir, and Stephen Flowerday. "A Clark-Wilson and ANSI role-based access control model." Information & Computer Security 28, no. 3 (June 14, 2020): 373–95. http://dx.doi.org/10.1108/ics-08-2019-0100.
Full textAbstract:
Purpose An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model. Design/methodology/approach A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework. Findings The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR. Originality/value Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.
16
CHAE, S. h. "uT-RBAC: Ubiquitous Role-Based Access Control Model." IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E89-A, no. 1 (January 1, 2006): 238–39. http://dx.doi.org/10.1093/ietfec/e89-a.1.238.
Full text
17
Dia, Ousmane Amadou, and Csilla Farkas. "Business Driven User Role Assignment." International Journal of Information Security and Privacy 7, no. 1 (January 2013): 45–62. http://dx.doi.org/10.4018/jisp.2013010104.
Full textAbstract:
The authors propose a business-oriented approach to support accurate and dynamic user-role assignments for the Role Based Access Control (RBAC) model. Their model, called Business-Driven Role Based Access Control (BD-RBAC), is composed of three layers. The first layer extends the RBAC model with the concepts of business roles, system roles, credentials, and users’ capabilities. The second layer dynamically assigns users to business and system roles, and filters outdated (abnormal) user-role assignments. The third layer supports exception handling and partial authorization. The novel aspect of the work is the adaptation of RBAC-based access control systems to changes in organizational needs, while reducing the burden of security administration. To this end, the authors have developed (1) a series of algorithms to compute internal and external user-role assignments based on organizational policies, users’ requests and capabilities, (2) and shown that their outputs are permissible, i.e., a legitimate user is authorized to activate the role, complete, i.e., a legitimate user can activate the roles necessary to perform all the requested tasks, and minimal, i.e., a legitimate user does not receive any non-authorized or not-needed privileges.
18
Sabri, Khair Eddin. "An Algebraic Model to Analyze Role-Based Access Control Policies." Modern Applied Science 12, no. 10 (September 12, 2018): 50. http://dx.doi.org/10.5539/mas.v12n10p50.
Full textAbstract:
Role-Based Access Control (RBAC) is a well known access control model used to preserve the confidentiality of information by specifying the ability of users to access information based on their roles. Usually these policies would be manipulated by combining or comparing them especially when defined in a distributed way. Furthermore, these policies should satisfy predefined authorization constraints.
In this paper, we present an algebraic model for specifying and analyzing RBAC policies. The proposed model enables us to specify policies and verify the satisfaction of predefined authorization constraints. Furthermore, the model allows us to combine policies and analyze their effect on predefined constraints. The model consists of few operators that give simplicity in specifying polices. We present a prototype tool used for facilitating the analysis.
19
Li, Yunliang, Zhiqiang Du, Yanfang Fu, and Liangxin Liu. "Role-Based Access Control Model for Inter-System Cross-Domain in Multi-Domain Environment." Applied Sciences 12, no. 24 (December 19, 2022): 13036. http://dx.doi.org/10.3390/app122413036.
Full textAbstract:
Information service platforms or management information systems of various institutions or sectors of enterprises are gradually interconnected to form a multi-domain environment. A multi-domain environment is convenient for managers to supervise and manage systems, and for users to access data across domains and systems. However, given the complex multi-domain environment and many users, the traditional or enhanced role-based access control (RBAC) model still faces some challenges. It is necessary to address issues such as role naming conflicts, platform–domain management conflicts, inter-domain management conflicts, and cross-domain sharing difficulties. For the above problems, a role-based access control model for inter-system cross-domain in multi-domain environment (RBAC-IC) is proposed. This paper formally defines the model, divides roles into abstract roles and specific roles, and designs the operating process of the access control model. The model has four characteristics: support role name repetition, platform–domain isolation management, inter-domain isolation management, and fine-grained cross-domain sharing. By establishing security violation formulas for security analysis, it is finally shown that RBAC-IC can operate safely.
20
Penelova, Maria. "Hybrid Role and Attribute Based Access Control Applied in Information Systems." Cybernetics and Information Technologies 21, no. 3 (September 1, 2021): 85–96. http://dx.doi.org/10.2478/cait-2021-0031.
Full textAbstract:
Abstract It this paper it is proposed a new access control model – Hybrid Role and Attribute Based Access Control (HRABAC). It is an extension of Role-Based Access Control (RBAC). HRABAC is designed for information systems and enterprise software and combines the advantages of RBAC and Attribute-Based Access Control (ABAC). HRABAC is easy configurable, fine-grained and supports role hierarchies. The proposed model HRABAC describes the access control scheme in Laravel package laravelroles/rolespermissions, which is developed by the author of the paper, as an answer to the requirements of practice of fine-grained and easy configurable access control solution. Laravel is chosen, because it is the most popular and the most widely used PHP framework. The package laravelroles/rolespermissions is developed on Laravel so that maximum number of programmers could use it. This package contains working and tested functionalities for managing users, roles and permissions, and it is applied in accounting information system.
21
Mowla, Saleh, Niharika Sinha, Raghavendra Ganiga, and Nisha P. Shetty. "Trust Enhanced Role Based Access Control Using Genetic Algorithm." International Journal of Electrical and Computer Engineering (IJECE) 8, no. 6 (December 1, 2018): 4724. http://dx.doi.org/10.11591/ijece.v8i6.pp4724-4734.
Full textAbstract:
<p>Improvements in technological innovations have become a boon for business organizations, firms, institutions, etc. System applications are being developed for organizations whether small-scale or large-scale. Taking into consideration the hierarchical nature of large organizations, security is an important factor which needs to be taken into account. For any healthcare organization, maintaining the confidentiality and integrity of the patients’ records is of utmost importance while ensuring that they are only available to the authorized personnel. The paper discusses the technique of Role-Based Access Control (RBAC) and its different aspects. The paper also suggests a trust enhanced model of RBAC implemented with selection and mutation only ‘Genetic Algorithm’. A practical scenario involving healthcare organization has also been considered. A model has been developed to consider the policies of different health departments and how it affects the permissions of a particular role. The purpose of the algorithm is to allocate tasks for every employee in an automated manner and ensures that they are not over-burdened with the work assigned. In addition, the trust records of the employees ensure that malicious users do not gain access to confidential patient data.</p>
22
Deng, Ji Qiu, Xiao Qing Luo, and Huang Ling Gu. "The Design and Implementation of G-RBAC Model in Map Permission." Advanced Materials Research 268-270 (July 2011): 1457–61. http://dx.doi.org/10.4028/www.scientific.net/amr.268-270.1457.
Full textAbstract:
With the development of WebGIS, it plays a more and more important role in government and enterprises. The effective way to access and control spatial data, because of relating to the security and business secrets of government and enterprises, becomes an urgent concern for them. Now, RBAC (Role Based Access Control) can be a valid method to access and control uniform resource, but it is lack of flexibility and real-time ability to control spatial data in WebGIS. For that, this paper proposes G-RBAC model based on RBAC model to enhance the flexibility and real-time ability to access spatial data.
23
Ghazal, Rubina, Ahmad Malik, Basit Raza, Nauman Qadeer, Nafees Qamar, and Sajal Bhatia. "Agent-Based Semantic Role Mining for Intelligent Access Control in Multi-Domain Collaborative Applications of Smart Cities." Sensors 21, no. 13 (June 22, 2021): 4253. http://dx.doi.org/10.3390/s21134253.
Full textAbstract:
Significance and popularity of Role-Based Access Control (RBAC) is inevitable; however, its application is highly challenging in multi-domain collaborative smart city environments. The reason is its limitations in adapting the dynamically changing information of users, tasks, access policies and resources in such applications. It also does not incorporate semantically meaningful business roles, which could have a diverse impact upon access decisions in such multi-domain collaborative business environments. We propose an Intelligent Role-based Access Control (I-RBAC) model that uses intelligent software agents for achieving intelligent access control in such highly dynamic multi-domain environments. The novelty of this model lies in using a core I-RBAC ontology that is developed using real-world semantic business roles as occupational roles provided by Standard Occupational Classification (SOC), USA. It contains around 1400 business roles, from nearly all domains, along with their detailed task descriptions as well as hierarchical relationships among them. The semantic role mining process is performed through intelligent agents that use word embedding and a bidirectional LSTM deep neural network for automated population of organizational ontology from its unstructured text policy and, subsequently, matching this ontology with core I-RBAC ontology to extract unified business roles. The experimentation was performed on a large number of collaboration case scenarios of five multi-domain organizations and promising results were obtained regarding the accuracy of automatically derived RDF triples (Subject, Predicate, Object) from organizational text policies as well as the accuracy of extracted semantically meaningful roles.
24
Cruz, Jason Paul, Yuichi Kaji, and Naoto Yanai. "RBAC-SC: Role-Based Access Control Using Smart Contract." IEEE Access 6 (2018): 12240–51. http://dx.doi.org/10.1109/access.2018.2812844.
Full text
25
Fragkos, Georgios, Jay Johnson, and Eirini Eleni Tsiropoulou. "Centralized and Decentralized Distributed Energy Resource Access Control Implementation Considerations." Energies 15, no. 17 (September 1, 2022): 6375. http://dx.doi.org/10.3390/en15176375.
Full textAbstract:
A global transition to power grids with high penetrations of renewable energy generation is being driven in part by rapid installations of distributed energy resources (DER). New DER equipment includes standardized IEEE 1547-2018 communication interfaces and proprietary communications capabilities. Interoperable DER provides new monitoring and control capabilities. The existence of multiple entities with different roles and responsibilities within the DER ecosystem makes the Access Control (AC) mechanism necessary. In this paper, we introduce and compare two novel architectures, which provide a Role-Based Access Control (RBAC) service to the DER ecosystem’s entities. Selecting an appropriate RBAC technology is important for the RBAC administrator and users who request DER access authorization. The first architecture is centralized, based on the OpenLDAP, an open source implementation of the Lightweight Directory Access Protocol (LDAP). The second approach is decentralized, based on a private Ethereum blockchain test network, where the RBAC model is stored and efficiently retrieved via the utilization of a single Smart Contract. We have implemented two end-to-end Proofs-of-Concept (PoC), respectively, to offer the RBAC service to the DER entities as web applications. Finally, an evaluation of the two approaches is presented, highlighting the key speed, cost, usability, and security features.
26
Patil, Suraj Krishna, Sandipkumar Chandrakant Sagare, and Alankar Shantaram Shelar. "Use of Purpose and Role Based Access Control Mechanisms to Protect Data Within RDBMS." International Journal of Software Innovation 8, no. 1 (January 2020): 82–91. http://dx.doi.org/10.4018/ijsi.2020010105.
Full textAbstract:
Privacy is the key factor to handle personal and sensitive data, which in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms such as discretionary access control, mandatory access control is used in DBMS. However, they hardly consider purpose and role-based access control in DBMS, which incorporates policy specification and enforcement. The role based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose based access control (PuBAC) regulates the access to resources based on purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.
27
Arora, Amar, and Anjana Gosain. "Dynamic Trust Emergency Role-based Access Control (DTE-RBAC)." International Journal of Computer Applications 175, no. 24 (October 15, 2020): 20–24. http://dx.doi.org/10.5120/ijca2020920773.
Full text
28
Han, Gui Ying, and Xi Zuo Li. "The Implementation of Rights Management of Network Teaching Platform with Role-Based Access Control." Applied Mechanics and Materials 433-435 (October 2013): 1603–8. http://dx.doi.org/10.4028/www.scientific.net/amm.433-435.1603.
Full textAbstract:
For the system security risks of multiple administrators to manage the network teaching platform, role-based access control (RBAC) from the ThinkPHP framework is used to implement the rights management of the network teaching platform. Teachers or administrators access and can only access the related function modules or methods authorized by the super administrator. It facilitates the rights management of the network teaching platform and makes a clear division of works for the multiple administrators and more scientific management of the platform. Practice shows that RBAC-based rights management for the network teaching platform is simple, practical and has a good application value.
29
Yastrebov, Ilia. "Role-Based Access Control for the Large Hadron Collider at CERN." International Journal of Computers Communications & Control 5, no. 3 (September 1, 2010): 398. http://dx.doi.org/10.15837/ijccc.2010.3.2491.
Full textAbstract:
Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of the matter. Taking into account the significant dangers of LHC operations, European Organization for Nuclear Research (CERN) has developed multi-pronged approach for machine safety, including access control system. This system is based on rolebased access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of the role-based access control developed at CERN and gives detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in the large systems. Moreover, we show how the protection for the very large distributed equipment control system may be implemented in efficient way. This paper also describes motivation of the project, requirements and overview of the main components: authentication and authorization.
30
Chen, Ling. "Research on Role Access Control Model Based on Identity Authentication." Journal of Physics: Conference Series 2025, no. 1 (September 1, 2021): 012105. http://dx.doi.org/10.1088/1742-6596/2025/1/012105.
Full textAbstract:
Abstract Cryptography and access control are the core technologies for a secure operating system. Cryptography can guarantee the confidentiality, integrity, availability and unforgeability of information in the access control system. In the identity-based cryptosystem, the user’s private key is centrally generated by the key distribution center, and key escrow is a major security risk. In view of this problem, it is proposed that multiple trusted entities participate in the key distribution scheme in a serial manner. At the same time, this paper adds a separate blind factor to each user to increase security of the scheme; it also introduces the concept of virtual key, which uses additivity of the key space in the pair-based encryption scheme. In key generation, a timestamp T is added, which enables one-time pad of the system, enhances security of the system, and eliminates collusion attacks by KGC and multiple KPA. Finally, the improved signcryption scheme is combined with the RBAC model, and the I_RBAC model is proposed, which enables identity authentication and information confidentiality of users in simple communication in the RBAC model. Finally, the efficiency and safety of this scheme are analyzed.
31
Sinha, Geetanjali, Prabhu Shankar K.C, and Shaurya Jain. "Evolution of access control models for protection of patient details: a survey." International Journal of Engineering & Technology 7, no. 2.8 (March 19, 2018): 554. http://dx.doi.org/10.14419/ijet.v7i2.8.10520.
Full textAbstract:
Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from the manual paper systems to provide patients efficient services. Numerous Access ControlModels have been deployed for securing patient privacy one of them being Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy and thus new methods have been evolving. In this survey we will see an evolution of the access control models which lead to the discovery of KC-RBAC (Knowledge Constrained Role Based Access Control) Model which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.
32
Qin, Sheng Jun, and Ken E. Li. "The Research of Group Hierarchy Access Control in E-Government System." Advanced Materials Research 834-836 (October 2013): 1840–43. http://dx.doi.org/10.4028/www.scientific.net/amr.834-836.1840.
Full textAbstract:
In order to meet the requirements of E-Government System with complex user relationships and diversified business process , this paper proposed an advanced RBAC model named Group Hierarchy Role-Based Access Control (GH-RBAC). In this model, tradition user role assignment have been reformed to multilayer user group role group assignment which improve the scalability and adaptability of access control. Finally, we design and implement the extend model which emphasis the way to carry out access control module with the low coupling.
33
Lee, Woomyo, Gunhee Lee, Sinkyu Kim, and Jungtaek Seo. "SG-RBAC : Role Based Access Control Model for Smart Grid Environment." Journal of the Korea Institute of Information Security and Cryptology 23, no. 2 (April 30, 2013): 307–18. http://dx.doi.org/10.13089/jkiisc.2013.23.2.307.
Full text
34
Nyame, Gabriel, Zhiguang Qin, Kwame Opuni-Boachie Obour Agyekum, and Emmanuel Boateng Sifah. "An ECDSA Approach to Access Control in Knowledge Management Systems Using Blockchain." Information 11, no. 2 (February 17, 2020): 111. http://dx.doi.org/10.3390/info11020111.
Full textAbstract:
Access control has become problematic in several organizations because of the difficulty in establishing security and preventing malicious users from mimicking roles. Moreover, there is no flexibility among users in the participation in their roles, and even controlling them. Several role-based access control (RBAC) mechanisms have been proposed to alleviate these problems, but the security has not been fully realized. In this work, however, we present an RBAC model based on blockchain technology to enhance user authentication before knowledge is accessed and utilized in a knowledge management system (KMS). Our blockchain-based system model and the smart contract ensure that transparency and knowledge resource immutability are achieved. We also present smart contract algorithms and discussions about the model. As an essential part of RBAC model applied to KMS environment, trust is ensured in the network. Evaluation results show that our system is efficient.
35
Yarmak, A. "Post-Quantum Cryptographic Access Control Based on Hierarchical RBAC Model." Proceedings of Telecommunication Universities 8, no. 4 (January 10, 2023): 119–29. http://dx.doi.org/10.31854/1813-324x-2022-8-4-119-129.
Full textAbstract:
The paper considers the isogeny-based cryptographically enforced data access control scheme CSIDH-HRBAC for untrusted cloud. CSIDH-HRBAC is based on a role-based access control model with support for a role hierarchy system. The proposed scheme implies the presence of a trusted party that manages cryptographic keys associated with users, roles, files. The basic procedures for gaining access to data, revoking access rights, adding new entities and updating parameters are given. Typical scenarios of attacks on the proposed scheme are considered, including role substitution, collusion by participants to compute the parent role key, attempt to access data after role revocation from user. To evaluate the performance of cryptographic operations, the simulation of the basic procedures was performed. The advantages and limitations of the CSIDH-HRBAC scheme are discussed. In particular, the need for protection against threats from the administrator, the prospect of using lattice-based post-quantum cryptographic primitives is noted.
36
Fan, Long, He Huang, and Wei Kang. "Design and Implementation of Role and Group Based Access Control with Context in Document Access Control System." Applied Mechanics and Materials 427-429 (September 2013): 2795–99. http://dx.doi.org/10.4028/www.scientific.net/amm.427-429.2795.
Full textAbstract:
In traditional role-based access control (Role Based Access Control, RBAC), proposed the role and user-groups based on access control with context-aware (Role and Group Based Access Control with Context, RGBACC) model. RGBACC can do unified functional management to users, and can dynamically change the user's permission by the information from application environment in the context of access and security-related .This article RGBACC model applied to the actual document access control system, and the system design and implementation of a detailed description.
37
Yang, Jiyong, Xiajiong Shen, Wan Chen, Qiang Ge, Lei Zhang, and HaoLin Chen. "A Model Study on Collaborative Learning and Exploration of RBAC Roles." Wireless Communications and Mobile Computing 2021 (June 24, 2021): 1–9. http://dx.doi.org/10.1155/2021/5549109.
Full textAbstract:
Role-based access control (RBAC) can effectively guarantee the security of user system data. With its good flexibility and security, RBAC occupies a mainstream position in the field of access control. However, the complexity and time-consuming of the role establishment process seriously hinder the development and application of the RBAC model. The introduction of the assistant interactive question answering algorithm based on attribute exploration (semiautomatic heuristic way to build an RBAC system) greatly reduces the complexity of building a role system. However, there are some defects in the auxiliary interactive Q&A algorithm based on attribute exploration. The algorithm is not only unable to support multiperson collaborative work but also difficult to find qualified Q&A experts in practical work. Aiming at the above problems, this paper proposes a model collaborative learning and exploration of RBAC roles under the framework of attribute exploration. In this model, after interactive Q&A with experts in different permissions systems by using attribute exploration, the obtained results are merged and calculated to get the correct role system. This model not only avoids the time-consuming process of role requirement analysis but also provides a feasible scheme for collaborative role discovery in multidepartment permissions.
38
Alattab, Ahmed Abdu, Reyazur Rashid Irshad, Anwar Ali Yahya, and Amin A. Al-Awady. "Privacy Protected Preservation of Electric Vehicles’ Data in Cloud Computing Using Secure Data Access Control." Energies 15, no. 21 (October 31, 2022): 8085. http://dx.doi.org/10.3390/en15218085.
Full textAbstract:
Cloud computing provides a ubiquitous data storage and access mechanism for organizations, industries, and smart grids to facilitate their operations. However, the concern in cloud storage systems is to secure data access control toward authentication for sensitive data, such as the electric vehicles (EVs) requesting information for attending a charging service. Consequently, denying an authentic user’s request will result in delaying the requested service, thereby leading to service inefficiency. The role-based access control (RBAC) plays a crucial role in securing and authenticating such time-sensitive data. The design mechanism of roles is based on skills, authority, and responsibilities for organizations. For EVs, the roles are based on the type of membership, such as permanent, occasional, or one-time. In this paper, we propose a new RBAC access control and privacy-preserving information access method toward the coarse-grained measure control and privacy protection in the cloud storage system for EVs. The data can be encrypted and decrypted based on the types of users who possess appropriate access permission toward authorized and unauthorized users according to their roles specified by role-based access control policies. The proposed approach has been simulated with various role-based scenarios, and the efficiency was evaluated against state-of-the-art role-based access-control techniques.
39
Zhang, Jian Hua, and Qiang Liu. "An Administration Iteration Problem and its Solution when Deploying the RBAC Model." Applied Mechanics and Materials 263-266 (December 2012): 1584–87. http://dx.doi.org/10.4028/www.scientific.net/amm.263-266.1584.
Full textAbstract:
Access control is an important infrastructure of an information system. Role-Based Access Control (RBAC) model is the main-stream access control model. When deploying a RBAC model, there is an administration iteration problem which needs the information engineers to define the administrator structure before running the RBAC model, which make the deploying process redundancy and complex, make the running process rigid, and result in decrease of control capability of RBAC model. We present a top-down method. In this method, we define the administration authority as the source of management authority and set up the right and liability mechanism of RBAC. By this method, the administrator structure will be defined and expanded by administrators according to application requirements, and the right and liability mechanism can make sure these administrators should perform their management authorities responsibly and legally. Our method can solve the administration iteration problem and improve the flexibility of RBAC model.
40
Lee, Bong-Hwan, and Hyun-Sug Cho. "Role-based User Access Control with Working Status for u-Healthcare System." KIPS Transactions:PartC 17C, no. 2 (April 30, 2010): 173–80. http://dx.doi.org/10.3745/kipstc.2010.17c.2.173.
Full text
41
Nagrale, Vikas, Mayur Yalij, and Ashutosh Kumar. "Data Security of Dynamic and Robust Role Based Access Control from Multiple Authorities in Cloud Environment." International Journal for Research in Applied Science and Engineering Technology 10, no. 5 (May 31, 2022): 1307–9. http://dx.doi.org/10.22214/ijraset.2022.42489.
Full textAbstract:
Abstract: Data integrity maintenance is the major objective in cloud storage. It includes audition using TTP for unauthorized access. This work implements protecting the data and regeneration of data if someone mishandles it. This job will be assigned to a Proxy server. The data of the users will be stored in public and private area of the cloud. So that only public cloud data will be accessed by user and private cloud will remain more secured. Once any unauthorized modification is made, the original data in the private cloud will be retrieved by the Proxy server and will be returned to the user. Cloud storage generally provides different redundancy configuration to users in order to maintain the desired balance between performance and fault tolerance. Data availability is critical in distributed storage systems, especially when node failures are prevalent in real life. This research work explores secure data storage and sharing using proposed AES 128 encryption algorithm and Role Base Access Control (RBAC) for secure data access scheme for end user. This work also carried out backup server approach it works like proxy storage server for ad hoc data recovery for all distributed data servers. The experiment analysis has proposed in public as well as private cloud environment. Keywords: RBAC, Elgamal encryption scheme; secure user access policy; Proxy Key Generation, Role Base Access Control (RBAC), advanced encryption standard (AES), etc.
42
Danilescu, Marcel, and Victor Besliu. "TRUST- BASED MODELING MAC-TYPE ACCESS CONTROL THROUGH ACCESS AND ACTIONS CONTROL POLICIES." Journal of Engineering Science XXVIII, no. 2 (June 2021): 67–78. http://dx.doi.org/10.52326/jes.utm.2021.28(2).05.
Full textAbstract:
In recent decades, the number of researches on access control and user actions in computer systems has increased. Over time, there have been two models of implementing Mandatory Access Control (MAC) policies for government institutions and Discretionary Access Control (DAC) for the business environment, policies that various access control modeling solutions seek to implement. Among the access control modeling solutions developed are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), presented in the U.S.A. by the National Institute of Standard and Technology (NIST). In Romania, in 2010, the access control solution based on trust was presented. This paper presents Mandatory Access Control policy modeling using the trust-based access and actions control modeling solution.
43
Dong, Li Jun, Mao Cai Wang, and Xiao Jun Kang. "Mining Least Privilege Roles by Genetic Algorithm." Applied Mechanics and Materials 121-126 (October 2011): 4508–12. http://dx.doi.org/10.4028/www.scientific.net/amm.121-126.4508.
Full textAbstract:
Role-based access control (RBAC) has been adopted widely by reducing the complexity of the management of access control. The least privilege principle is a very important constraint policy of RBAC. A key problem related to this is the notion of goodness/interestingness – when is a role good? Devising a complete and correct set of roles for supporting the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. In this paper, to address this problem, we map this problem to a formal definition in mathematics – δ-approx least privilege mining (δ-approx LPM). We introduce a method named GABM to enforce LPM based on the generic algorithm. By GABM, the least privilege roles can be found out correctly. Our experiments display the effect of GABM. Finally, we conclude our work.
44
He, Li, and Wen Lei Sun. "A Fine-Grained Access Control Approach for Parts Resource Sharing." Applied Mechanics and Materials 722 (December 2014): 159–63. http://dx.doi.org/10.4028/www.scientific.net/amm.722.159.
Full textAbstract:
To meet users’ actual demands for fine-grained access control (FGAC) to data object in web-based parts resource sharing platform, a FGAC approach for parts resource sharing is proposed to enable both the providers and administrators to manage the permissions of parts resource jointly. In this approach, all levels of detail (LODs) are introduced in the part resource information firstly. Then, a role-based access control model for parts resource sharing, called RBAC_PRS, is provided on the basic of RBAC (Role-Based Access Control) and O-RBAC (Owners-Based Access Control) models, and the permission administration policy is also formulated in condition of the separation between ownership and usufruct of parts resource. To provide the better authorization route, two middle layers: function sets and component sets, are added in permission-role assignment process, and each role’s assignment rules are explicitly specified in an XSLT style sheet. Furthermore, an XML-XSLT based approach is adopted to accomplish the diversity expression of user-accessible view based on FGAC. And it could ensure to practice the web-based knowledge sharing system safely.
45
Subramanian, Chandra Mouliswaran, and Aswani Kumar Cherukuri. "Fuzzy Role Based Access Control Design using Fuzzy Ontology." International Journal of Information Technology Project Management 10, no. 4 (October 2019): 118–36. http://dx.doi.org/10.4018/ijitpm.2019100105.
Full textAbstract:
Fuzzy role-based access control (FRBAC) is essential for risk-based environments in many futuristic applications, even though role-based access control (RBAC) is the efficient and widely used access control model for enterprise applications. In FRBAC, authorization related information is vague. It brings the fuzziness in mapping among the components of FRBAC such as user, role and permission. Holding the fuzziness in FRBAC, it is challenging for the security engineer to verify the constraints and correctness of access control policy. On verifying the constraints and correctness of access control policy, knowledge representation techniques are much useful in practice. In this scenario, representing FRBAC using fuzzy ontology might be the right choice for semantic web application. The main objective of this article is to represent the access permissions of FRBAC using fuzzy ontology and verify whether the constraints of FRBAC are possible to get implemented in it or not.
46
Al-hadhrami, Nasser, Benjamin Aziz, and Lotfi ben Othmane. "An Incremental B-Model for RBAC-Controlled Electronic Marking System." International Journal of Secure Software Engineering 7, no. 2 (April 2016): 37–64. http://dx.doi.org/10.4018/ijsse.2016040103.
Full textAbstract:
The incremental development of software through the addition of new features and the insertion of new access rules potentially renders the access control models inconsistent and creates security flaws. This paper proposes modeling Role Based Access Control (RBAC) models of these software using the B language and re-evaluating the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations. In addition, it shows how to address inconsistencies that result from incremental specification of system' architectures.
47
Doan, Thuong, Steven Demurjian, Laurent Michel, and Solomon Berhe. "Integrating Access Control into UML for Secure Software Modeling and Analysis." International Journal of Secure Software Engineering 1, no. 1 (January 2010): 1–19. http://dx.doi.org/10.4018/jsse.2010102001.
Full textAbstract:
Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and mandatory access control (MAC) that emphasizes the protection of information via security tags are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This article presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To insure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.
48
Ameer, Safwa, James Benson, and Ravi Sandhu. "An Attribute-Based Approach toward a Secured Smart-Home IoT Access Control and a Comparison with a Role-Based Approach." Information 13, no. 2 (January 25, 2022): 60. http://dx.doi.org/10.3390/info13020060.
Full textAbstract:
The area of smart homes is one of the most popular for deploying smart connected devices. One of the most vulnerable aspects of smart homes is access control. Recent advances in IoT have led to several access control models being developed or adapted to IoT from other domains, with few specifically designed to meet the challenges of smart homes. Most of these models use role-based access control (RBAC) or attribute-based access control (ABAC) models. As of now, it is not clear what the advantages and disadvantages of ABAC over RBAC are in general, and in the context of smart-home IoT in particular. In this paper, we introduce HABACα, an attribute-based access control model for smart-home IoT. We formally define HABACα and demonstrate its features through two use-case scenarios and a proof-of-concept implementation. Furthermore, we present an analysis of HABACα as compared to the previously published EGRBAC (extended generalized role-based access control) model for smart-home IoT by first describing approaches for constructing HABACα specification from EGRBAC and vice versa in order to compare the theoretical expressiveness power of these models, and second, analyzing HABACα and EGRBAC models against standard criteria for access control models. Our findings suggest that a hybrid model that combines both HABACα and EGRBAC capabilities may be the most suitable for smart-home IoT, and probably more generally.
49
Omran, Esraa, Tyrone Grandison, David Nelson, and Albert Bokma. "A Comparative Analysis of Chain-Based Access Control and Role-Based Access Control in the Healthcare Domain." International Journal of Information Security and Privacy 7, no. 3 (July 2013): 36–52. http://dx.doi.org/10.4018/jisp.2013070103.
Full textAbstract:
The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges for patient privacy and information secrecy. Traditional privacy policies cannot respond to rapidly increased privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare with its cross-organizational information sharing and decision making. This paper proposes a personal information flow model that proposes a limited number of acts on this type of information. Ontology-classified chains of these acts can be used instead of the “intended business purposes” in the context of privacy access control. This enables the seamless integration of security and privacy into existing healthcare applications and their supporting infrastructures. In this paper, the authors present their idea of a Chain-Based Access Control (ChBAC) mechanism and provide a comparative analysis of it to Role-Based Access Control (RBAC). The evaluation is grounded in the healthcare domain and examines a range of typical access scenarios and approaches.
50
Fan, Ya Qin, Ge Zhang, Fei Fei Li, and Xin Zhang. "Design of SSL VPN System Based on RBAC Access." Advanced Materials Research 765-767 (September 2013): 1299–302. http://dx.doi.org/10.4028/www.scientific.net/amr.765-767.1299.
Full textAbstract:
Abstract: in order to solve the access control system loopholes, can appear the problem of chaotic management, security failure and conflict of competence, this paper studies the access control model, on the basis of the design of a SSL VPN oriented access control system, the authentication module, access control module, role access module and security detection module design. The realization technology of system user identity. This has practical reference significance to the personnel security technology research network.