Advanced Permission-Role Relationship in Role-Based Access Control

Authors:
Min Li;Hua Wang;Ashley Plank;Jianming Yong
Affiliations:
Department of Mathematics & Computing, University of Southern Queensland, Australia;Department of Mathematics & Computing, University of Southern Queensland, Australia;Department of Mathematics & Computing, University of Southern Queensland, Australia;School of Information Systems, Faculty of Business University of Southern Queensland, Australia
Venue:
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Year:
2008

Citing 12
Cited 1

Specifying and managing role-based access control within a corporate intranet

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Formal Authorization Allocation Approaches for Role-Based Access Control Based on Relational Algebra Operations

WISE '02 Proceedings of the 3rd International Conference on Web Information Systems Engineering
An Efficient Divisible Electronic Cash Scheme

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Fair Off-Line e-cash Made Easy

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The ARBAC99 Model for Administration of Roles

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Formal authorisation allocation approaches for permission-role assignments using relational algebra operations

ADC '03 Proceedings of the 14th Australasian database conference - Volume 17
Building a consumer scalable anonymity payment protocol for Internet purchases

RIDE '02 Proceedings of the 12th International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems (RIDE'02)
Delegating revocations and authorizations

BPM'07 Proceedings of the 2007 international conference on Business process management

Protecting Information Sharing in Distributed Collaborative Environment

Advanced Web and NetworkTechnologies, and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Permission-role assignment is an important issue in role-based access control (RBAC). There are two types of problems that may arise in permission-role assignment. One is related to authorization granting process. Conflicting permissions may be granted to a role, and as a result, users with the role may have or derive a high level of authority. The other is related to authorization revocation. When a permission is revoked from a role, the role may still have the permission from other roles. In this paper, we discuss granting and revocation models related to mobile and immobile memberships between permissions and roles, then provide proposed authorization granting algorithm to check conflicts and help allocate the permissions without compromising the security. To our best knowledge, the new revocation models, local and global revocation, have not been studied before. The local and global revocation algorithms based on relational algebra and operations provide a rich variety. We also apply the new algorithms to an anonymity scalable payment scheme.