The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Dynamic Policy Model for Large Evolving Enterprises
EDOC '01 Proceedings of the 5th IEEE International Conference on Enterprise Distributed Object Computing
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
A Model for Attribute-Based User-Role Assignment
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Subject switching algorithms for access control in federated databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
A Fine-Grained Access Control Model for Web Services
SCC '04 Proceedings of the 2004 IEEE International Conference on Services Computing
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
Extending access control models with break-glass
Proceedings of the 14th ACM symposium on Access control models and technologies
Optimal Boolean Matrix Decomposition: Application to Role Engineering
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
How to Securely Break into RBAC: The BTG-RBAC Model
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Towards an integrated approach to role engineering
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Deriving role engineering artifacts from business processes and scenario models
Proceedings of the 16th ACM symposium on Access control models and technologies
Rumpole: a flexible break-glass access control model
Proceedings of the 16th ACM symposium on Access control models and technologies
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Role Engineering: Methods and Standards
IT Professional
| Hi-index | 0.00 |
The authors propose a business-oriented approach to support accurate and dynamic user-role assignments for the Role Based Access Control RBAC model. Their model, called Business-Driven Role Based Access Control BD-RBAC, is composed of three layers. The first layer extends the RBAC model with the concepts of business roles, system roles, credentials, and users' capabilities. The second layer dynamically assigns users to business and system roles, and filters outdated abnormal user-role assignments. The third layer supports exception handling and partial authorization. The novel aspect of the work is the adaptation of RBAC-based access control systems to changes in organizational needs, while reducing the burden of security administration. To this end, the authors have developed 1 a series of algorithms to compute internal and external user-role assignments based on organizational policies, users' requests and capabilities, 2 and shown that their outputs are permissible, i.e., a legitimate user is authorized to activate the role, complete, i.e., a legitimate user can activate the roles necessary to perform all the requested tasks, and minimal, i.e., a legitimate user does not receive any non-authorized or not-needed privileges.