Control principles and role hierarchies
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
A model for role administration using organization structure
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Designing Role Hierarchies for Access Control in Workflow Systems
COMPSAC '01 Proceedings of the 25th International Computer Software and Applications Conference on Invigorating Software Development
Design of Collaborative Agent System with Access Control for Smart-Office Environmen
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
The role control center: features and case studies
Proceedings of the eighth ACM symposium on Access control models and technologies
Role-based access control for collaborative enterprise in peer-to-peer computing environments
Proceedings of the eighth ACM symposium on Access control models and technologies
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Model for Attribute-Based User-Role Assignment
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Logic For State Transformations in Authorization Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
HICSS '99 Proceedings of the Thirty-second Annual Hawaii International Conference on System Sciences - Volume 8
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
Specification and Classification of Role-based Authorization Policies
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Task-role-based access control model
Information Systems
An XACML-based Policy Management and Authorization Service for Globus Resources
GRID '03 Proceedings of the 4th International Workshop on Grid Computing
Administration of an RBAC System
HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7 - Volume 7
First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
Association-Based Active Access Control models with balanced scalability and flexibility
Computers in Industry
In dynamic e-business and e-manufacturing environments, enterprises require a secure access control mechanism based on an access control model to manage employee authorisations flexibly. This study presents an organisation structure-based access control (OSAC) model based on a task-role-based access control (T-RBAC) model. The OSAC model emphasises that employee authorisations are generated directly from their position in the enterprise organisational structure. The proposed model extends the concepts of static separation of duty (SSD), dynamic separation of duty (DSD), prerequisite, and cardinality constraints in the role-based access control (RBAC) model to present department and role relations. These relations identify the cooperative interactions among roles across department boundaries, to facilitate resource sharing among roles and simplify enterprise resource management. Various relations and applied examples are demonstrated using the class model in unified modelling language (UML). Examples of inappropriate use of relations that lead to relation violations are also presented. To demonstrate the feasibility of the proposed model for most businesses, a case study involving an automobile component producer is presented, and an OSAC model-based administrative management system is developed to ensure that appropriate resources can be legally used by the correct employees at the right time. By applying the proposed model, administrators can easily manage resources from an organisational structure perspective, and the resource sharing capabilities of all departments can be improved.