An Extended RBAC Profile of XACML
Diala Abi Haidar 1,2, Nora Cuppens-Boulahia 1, Frederic Cuppens 1, Herve Debar 2
1 ENST Bretagne, 2 rue de la Chˆataigneraie, 35512 Cesson-S´evign´e Cedex, France
2 France Telecom R&D Caen, 42 rue des Coutures BP 6243, 14066 Caen, France
SWS’06, Novem ber 3, 2006, Alex andria, Virginia, USA.
Copyright 2006 ACM 1-59593-546-0/06/0011...$5.00.
The basic concept of the RBAC model is that users are assigned to roles, permissions are assigned to roles and users acquire permissions by being members of roles. The user-role
assignment can be a many-to-many relation in the sense that a user can be assigned to many roles and a role can have many users. Similarly, the permission-role assignment is also a many-to-many relation. The RBAC model is organized in four levels [24] each including the requirements of the basic RBAC: the flat (or core) RBAC, the hierarchical RBAC that adds requirements for supporting role hierarchies and the constrained RBAC that adds constraints on the hierarchical RBAC. The constraints may be associated with the user-role assignment (for static separation of duty) or with the activation of roles within user sessions (for dynamic separation of duty). The last level is the symmetric RBAC (also called consolidated) that adds a requirement for permission-role review. This is essential in any authorization management to identify and review the permissions assignment, i.e. the relation between permissions and roles.
The main benefit of this model is the ease of administration of security policies and its scalability. When a user moves inside an organization and has another function, the only thing the administrator needs to do is to revoke the existing user-role assignment and assign her a new role. There is no need to revoke the authorizations she had before and she will be granted new authorizations assigned to her new role. Adding to that, the role hierarchy defined in this model, where a given role can include all the permissions of another role, is a way of having a well structured access control that is the mirror of the organization structure. Finally the RBAC model supports the delegation of access permissions between roles. A role can delegate its role or
part of its role to another role [12].
[pages 14-15]
ACM Digital Library Article (Member Access Only)
Saturday, March 1, 2008
Security: Role-based access control (RBAC) fundamentals
Labels:
access control,
EMR,
medical,
role-based,
security
Subscribe to:
Post Comments (Atom)
Blog Archive
-
►
2012
(35)
- ► April 2012 (13)
- ► March 2012 (16)
- ► February 2012 (3)
- ► January 2012 (3)
-
►
2011
(118)
- ► December 2011 (9)
- ► November 2011 (11)
- ► October 2011 (7)
- ► September 2011 (13)
- ► August 2011 (7)
- ► April 2011 (8)
- ► March 2011 (11)
- ► February 2011 (12)
- ► January 2011 (15)
-
►
2010
(183)
- ► December 2010 (16)
- ► November 2010 (15)
- ► October 2010 (15)
- ► September 2010 (25)
- ► August 2010 (19)
- ► April 2010 (21)
- ► March 2010 (7)
- ► February 2010 (6)
- ► January 2010 (6)
-
►
2009
(120)
- ► December 2009 (5)
- ► November 2009 (12)
- ► October 2009 (2)
- ► September 2009 (3)
- ► August 2009 (16)
- ► April 2009 (4)
- ► March 2009 (20)
- ► February 2009 (9)
- ► January 2009 (19)
-
▼
2008
(139)
- ► December 2008 (15)
- ► November 2008 (16)
- ► October 2008 (17)
- ► September 2008 (2)
- ► August 2008 (2)
- ► April 2008 (12)
-
▼
March 2008
(25)
- Web: Mashup Security
- Research: Conversations: Jon Bentley; On Algorithm...
- Web: HTML5 Jumps Off the Drawing Board
- Research: Now Blooming: Digital Models
- Research: The Future of Computing--Carbon Nanotube...
- Research: An Interview With Bjarne Stroustrup
- Software: DSLs Lead Development Paradigm Shift; do...
- Security: NIST Unveils Tool to Foil Attacks via DNS
- Research: Back to Basics: Algorithms
- Security: Researchers Secure the Browser
- Security: Defending Laptops from Zombie Attacks
- Web: Can We Fix the Web?
- Research: How to Make Smarter Software
- Research: Communities and the Networks That Define...
- Security: Researchers Create Next-Generation Softw...
- Security: When browsers attack
- Web: Voting for More Than Just Either-Or
- Software: Web Mashups Made Easy
- Research: Algorithm Finds the Network - For Genes ...
- Web: Study: Digital Universe and Its Impact Bigger...
- Research: Language of a Fly Proves Surprising; res...
- Security: Privacy-aware Role Based Access Control ...
- Security: Role-based access control (RBAC) fundame...
- Security: Role-based access control (RBAC) defined
- Research: From Palmtops to Brain Cells
- ► February 2008 (16)
- ► January 2008 (6)
-
►
2007
(17)
- ► December 2007 (4)
- ► November 2007 (4)
- ► October 2007 (7)
Blog Labels
- research
- CSE
- security
- software
- web
- AI
- development
- hardware
- algorithm
- hackers
- medical
- machine learning
- robotics
- data-mining
- semantic web
- quantum computing
- Cloud computing
- cryptography
- network
- EMR
- search
- NP-complete
- linguistics
- complexity
- data clustering
- optimization
- parallel
- performance
- social network
- HIPAA
- accessibility
- biometrics
- connectionist
- cyber security
- passwords
- voting
- XML
- biological computing
- neural network
- user interface
- DNS
- access control
- firewall
- graph theory
- grid computing
- identity theft
- project management
- role-based
- HTML5
- NLP
- NoSQL
- Python
- cell phone
- database
- java
- open-source
- spam
- GENI
- Javascript
- SQL-Injection
- Wikipedia
- agile
- analog computing
- archives
- biological
- bots
- cellular automata
- computer tips
- crowdsourcing
- e-book
- equilibrium
- game theory
- genetic algorithm
- green tech
- mobile
- nonlinear
- p
- phone
- prediction
- privacy
- self-book publishing
- simulation
- testing
- virtual server
- visualization
- wireless
No comments:
Post a Comment