Supporting dynamic administration of RBAC in web-based collaborative applications during run-time

Authors:
Ioannis Mavridis;Andreas Mattas;Ioannis Pagkalos;Isabella Kotini;Christos Ilioudis
Affiliations:
Department of Applied Informatics, University of Macedonia, 156 Egnatia Street, 54006, Thessaloniki, Greece.;Informatics Laboratory, Faculty of Technology, Aristotle University of Thessaloniki, 54006, Thessaloniki, Greece.;Informatics Laboratory, Faculty of Technology, Aristotle University of Thessaloniki, 54006, Thessaloniki, Greece.;Department of Applied Informatics, University of Macedonia, 156 Egnatia Street, 54006, Thessaloniki, Greece.;Informatics Laboratory, Faculty of Technology, Aristotle University of Thessaloniki, 54006, Thessaloniki, Greece
Venue:
International Journal of Information and Computer Security
Year:
2008

Citing 26
Cited 0

Policies and roles in collaborative applications

CSCW '96 Proceedings of the 1996 ACM conference on Computer supported cooperative work
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Flexible meta access-control for collaborative applications

CSCW '98 Proceedings of the 1998 ACM conference on Computer supported cooperative work
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Security models for web-based applications

Communications of the ACM
Flexible team-based access control using contexts

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
A model for role administration using organization structure

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Authorization and Access Control of Application Data in Workflow Systems

Journal of Intelligent Information Systems - Special issue: A survey of research questions for intelligent information systems in education
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
An administration concept for the enterprise role-based access control model

Proceedings of the eighth ACM symposium on Access control models and technologies
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
The ARBAC99 Model for Administration of Roles

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Toward an Improved RBAC Model for the Organic Organization

ICPADS '02 Proceedings of the 9th International Conference on Parallel and Distributed Systems
Engineering of Role/Permission Assignments

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Towards Dynamically Administered Role-Based Access Control

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Modelling Contexts in the Or-BAC Model

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A meta model for authorisations in application security systems and their integration into RBAC administration

Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations

Proceedings of the ninth ACM symposium on Access control models and technologies
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
Access control in collaborative systems

ACM Computing Surveys (CSUR)
A Petri net based safety analysis of workflow authorization models^1

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The requirements for the efficient management of authorisations in web-based collaborative applications lead to new access control administration paradigms during run-time. The need for fine-grained and just-in-time access control can effectively be addressed by dynamic administration of authorisations, via either proper role or permission activation. In this paper, an authorisation architecture that is based on the Dynamically Administering Role-based Access Control (DARBAC) model, and provides access control and meta-access control capabilities, is presented. The paper describes the implementation of the components and the structure of the architecture within the.NET framework. The application of the implemented access control system is also demonstrated. Based on the results of this demonstration, a more detailed investigation of the benefits of the proposed approach, which are related to improvements in the administration of Role-based Access Control (RBAC) during run-time, is presented.