A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
An authorization model for temporal and derived data: securing information portals
ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A generalized temporal role based access control model for developing secure systems
A generalized temporal role based access control model for developing secure systems
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
TrustBAC: integrating trust relationships into the RBAC model for access control in open systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Modeling and analyzing the impact of authorization on workflow executions
Future Generation Computer Systems
Allocating Resources for Workflows Running under Authorization Control
GRID '12 Proceedings of the 2012 ACM/IEEE 13th International Conference on Grid Computing
Ontology-based access control model for security policy reasoning in cloud computing
The Journal of Supercomputing
| Hi-index | 0.00 |
Interactions between resources as well as services are one of the fundamental characteristics in the distributed multi-application environments. In such environments, attribute-based access control (ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates one or a few particular attribute constraints into RBAC, this paper analyses and abstracts the generic properties of the attribute constraints imposed on authorization systems. Based on these analyses and generalization, two constraints templates are presented, called authorization mapping constraint template and behaviour constraint template. The former template is able to automate the user-role and role-permission mapping, while the latter is used to restrict the behaviours of the authorization entities. The attribute constraints are classified into these two templates. Moreover, the state mechanism is introduced to build up the constraints among the statuses of the entities, and reflect the outcomes of the authorization control as well. Based on the presented templates and the state mechanism, the execution model is developed. A use case is proposed to show the authorization process of our proposed model. The extensive analyses are conducted to show its multi-grained constraints by comparing with other models.