UAQ

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

Full text

Pdf (448 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 13th ACM symposium on Access control models and technologies table of contents

Estes Park, CO, USA

SESSION: Role based access control table of contents

Pages 83-92

Year of Publication: 2008

ISBN:978-1-60558-129-3

Authors

Yue Zhang	University of Pittsburgh, Pittsburgh, PA
James B. D. Joshi	University of Pittsburgh, Pittsburgh, PA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 6, Downloads (12 Months): 116, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1377836.1377850 What is a DOI?

ABSTRACT

A key issue in RBAC systems is how to efficiently handle the user authorization process. That is, whether or not to grant a user's request to acquire a set of requested permissions or to activate a set of requested roles in a single session. The presence of hybrid hierarchies as well as the cardinality and dynamic separation of duty constraints make the issue more complex. In this paper, we define this issue as the user authorization query problem consisting of a role mapping problem and an activation checking problem. We also propose a set of algorithms to solve the role mapping and the activation checking problems. We show that our model is practical and flexible, and can deal with various cases in presence of the hybrid hierarchy and cardinality/DSoD constraints.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	S. M. Chandran, J. B. D. Joshi, "Towards Administration of a Hybrid Role Hierarchy", IEEE International Conference on Information Reuse and Integration, 2005.
	2	Thomas H. Cormen , Clifford Stein , Ronald L. Rivest , Charles E. Leiserson, Introduction to Algorithms, McGraw-Hill Higher Education, 2001
	3	Siqing Du , James B. D. Joshi, Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133090]
	4	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	5	James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005 [doi>10.1109/TKDE.2005.1]
	6	James B D Joshi , Elisa Bertino , Arif Ghafoor, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507724]
	7	James B. D. Joshi , Elisa Bertino , Arif Ghafoor , Yue Zhang, Formal foundations for hybrid hierarchies in GTRBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-39, January 2008 [doi>10.1145/1284680.1284682]
	8	Ninghui Li , Ji-Won Byun , Elisa Bertino, A Critique of the ANSI Standard on Role-Based Access Control, IEEE Security and Privacy, v.5 n.6, p.41-49, November 2007 [doi>10.1109/MSP.2007.158]
	9	Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319186]
	10	Smithi Piromruen , James B. D. Joshi, An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments, Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, p.36-48, February 02-04, 2005 [doi>10.1109/WORDS.2005.18]
	11	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	12	Ravi Sandhu, Role activation hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.33-40, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286891]
	13	J.Barkley, A.V. Cincotta, D.F. Ferraiolo, S. Gavrila, , D.R. Kuhn, "Role Based Access Control for the World Wide Web", 20th National Computer Security Conference (1997)
	14	Liang Chen , Jason Crampton, Inter-domain role mapping and least privilege, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266866]

CITED BY 2

	Guneshi T. Wickramaarachchi , Wahbeh H. Qardaji , Ninghui Li, An efficient framework for user authorization queries in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Samrat Mondal , Shamik Sural , Vijayalakshmi Atluri, Towards formal security analysis of GTRBAC using timed automata, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy