ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A model for role administration using organization structure
Full text PdfPdf (308 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the seventh ACM symposium on Access control models and technologies table of contents
Monterey, California, USA
SESSION: Role Administration table of contents
Pages: 155 - 162  
Year of Publication: 2002
ISBN:1-58113-496-7
Authors
Sejong Oh  George Mason University, Fairfax, VA
Ravi Sandhu  George Mason University, Fairfax, VA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 90,   Citation Count: 17
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/507711.507737
What is a DOI?

ABSTRACT

Role-based access control (RBAC) is recognized as an excellent model for access control in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant shortcomings.We propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Ravi S. Sandhu , Venkata Bhamidipati, The URA97 Model for Role-Based User-Role Assignment, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.262-275, August 10-13, 1997
2
Ravi Sandhu , Venkata Bhamidipati , Edward Coyne , Srinivas Ganta , Charles Youman, The ARBAC97 model for role-based administration of roles: preliminary description and outline, Proceedings of the second ACM workshop on Role-based access control, p.41-50, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266752]
 
3
Ravi Sandhu and Venkata Bhamidipati, "Role-based administration of user-role assignment: The URA97 model and its Oracle implementation", The Journal of Computer Security, Vol.7, 1999.
 
4
Ravi Sandhu , Qamar Munawer, The ARBAC99 Model for Administration of Roles, Proceedings of the 15th Annual Computer Security Applications Conference, p.229, December 06-10, 1999
5
Najam Perwaiz, Structured management of role-permission relationships, Proceedings of the sixth ACM symposium on Access control models and technologies, p.163-169, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373292]
6
James B. D. Joshi , Walid G. Aref , Arif Ghafoor , Eugene H. Spafford, Security models for web-based applications, Communications of the ACM, v.44 n.2, p.38-44, Feb. 2001  [doi>10.1145/359205.359224]
 
7
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
8
Jonathan D. Moffett, Control principles and role hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.63-69, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286900]
9
Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319186]
10
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
11
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
12
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]

CITED BY  17
Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002
Horst F. Wedde , Mario Lischka, Cooperative role-based administration, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Rafae Bhatti , James Joshi , Elisa Bertino , Arif Ghafoor, X-GTRBAC admin: a decentralized administration model for enterprise wide access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Horst F. Wedde , Mario Lischka, Modular authorization and administration, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.363-391, August 2004
H. F. Wedde , Mario Lischka, Role-based access control in ambient and remote space, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Hua Wang , Lili Sun , Yanchun Zhang , Jinli Cao, Authorization algorithms for the mobility of user-role relationship, Proceedings of the Twenty-eighth Australasian conference on Computer Science, p.69-77, January 01, 2005, Newcastle, Australia
Karsten Sohr , Michael Drouineaud , Gail-Joon Ahn, Formal specification of role-based security policies for clinical information systems, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Axel Kern , Andreas Schaad , Jonathan Moffett, An administration concept for the enterprise role-based access control model, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Jim Longstaff , Mike Lockyer , John Nicholas, The tees confidentiality model: an authorisation model for identities and roles, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Rafae Bhatti , Basit Shafiq , Elisa Bertino , Arif Ghafoor , James B. D. Joshi, X-gtrbac admin: A decentralized administration model for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.388-423, November 2005
Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.391-420, November 2006
Ninghui Li , Ziqing Mao, Administration in role-based access control, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
Tanvir Ahmed , Anand R. Tripathi, Specification and verification of security requirements in a programming model for decentralized CSCW systems, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.7-es, May 2007
Scott D. Stoller , Ping Yang , C R. Ramakrishnan , Mikhail I. Gofman, Efficient policy analysis for administrative role based access control, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Ioannis Mavridis , Andreas Mattas , Ioannis Pagkalos , Isabella Kotini , Christos Ilioudis, Supporting dynamic administration of RBAC in web-based collaborative applications during run-time, International Journal of Information and Computer Security, v.2 n.4, p.328-352, January 2009
Tsung-Yi Chen , Yuh-Min Chen , Chin-Bin Wang , Hui-Chuan Chu, Flexible authorisation in dynamic e-business environments using an organisation structure-based access control model, International Journal of Computer Integrated Manufacturing, v.22 n.3, p.225-244, March 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Security


Keywords:
RBAC, access control, role administration

Collaborative Colleagues:
Sejong Oh: colleagues
Ravi Sandhu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player