Keyword Search Result

[Keyword] RBAC(7hit)

1-7hit
  • Atom-Role-Based Access Control Model

    Weihong CAI  Richeng HUANG  Xiaoli HOU  Gang WEI  Shui XIAO  Yindong CHEN  

     
    PAPER-Information Network

    Vol: E95-D No:7  Page(s): 1908-1917

    The role-based access control (RBAC) model has been widely recognized as an efficient access control model and has become a hot research topic in information security. However, in large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies. Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role; thus, if a user is under the supervisor role, he may accumulate all permissions, which easily causes the abuse of permissions and violates the least privilege principle, one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of the atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through application-specific analysis, this model can well meet the access control requirements.

  • Extending a Role Graph for Role-Based Access Control

    Yoshiharu ASAKURA  Yukikazu NAKAMOTO  

     
    PAPER

    Vol: E92-D No:2  Page(s): 211-219

    Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. However, since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy RBAC efficiently by using an extended role graph in the design phase and a standard role graph in the runtime phase.

  • Security Violation Detection for RBAC Based Interoperation in Distributed Environment

    Xinyu WANG  Jianling SUN  Xiaohu YANG  Chao HUANG  Di WU  

     
    PAPER-Access Control

    Vol: E91-D No:5  Page(s): 1447-1456

    This paper proposes a security violation detection method for RBAC-based interoperation to meet the requirements of secure interoperation among distributed systems. We use role mappings between RBAC systems to implement trans-system access control, analyze security violations of interoperation with role mappings, and formalize definitions of secure interoperation. A minimum detection method according to the features of RBAC systems in a distributed environment is introduced in detail. This method reduces complexity by decreasing the number of roles involved in detection. Finally, we analyze security violations further based on the minimum detection method to help administrators eliminate security violations.

  • DRBAC Model Using a WSNM for Services in i-Home

    Jong-Hyuk PARK  Sangjin LEE  In-Hwa HONG  

     
    PAPER

    Vol: E89-D No:12  Page(s): 2831-2837

    RBAC (Role Based Access Control) added the concept of the role, in which a user can have access to resources based on the role of the user, and it increased efficiency and expandability. However, the evolution of computing power and internet technology has caused the rise of dynamic environments, and accordingly a dynamic access control model considering various elements is expected to be required. In this paper, we propose a DRBAC (Dynamic RBAC) model for the intelligent Home (i-Home). This is an access control model suitable for user-oriented services in i-Home. In order to consider the dynamic environment in the existing RBAC models, the proposed model executes user-role and permission-role assignments based on context. In addition, the proposed model provides scalable access control policies which are suitable for the characteristics of an intelligent environment by considering the user location information as a temporary constraint condition. Furthermore, we design and implement a WSNM (Wireless Sensor Network Module) for its services. Finally, the proposed model provides a flexible and efficient authentication method which applies the Domain-Group concept as well as user/device authentication.

  • uT-RBAC: Ubiquitous Role-Based Access Control Model

    Song-hwa CHAE  Wonil KIM  Dong-Kyoo KIM  

     
    LETTER-Access Control

    Vol: E89-A No:1  Page(s): 238-239

    In a ubiquitous environment where users access resources anytime and anywhere, the access control model should consider the user's location information. The proposed uT-RBAC includes the location information for the user's least privilege. It also supports time-related information, which enables the access control model to accommodate various ubiquitous environments. The proposed uT-RBAC can be dynamically applied to various ubiquitous computing environments.

  • An RBAC-Based Access Control Model for Object-Oriented Systems Offering Dynamic Aspect Features

    Shih-Chien CHOU  

     
    PAPER-Application Information Security

    Vol: E88-D No:9  Page(s): 2143-2147

    This paper proposes a model for access control within object-oriented systems. The model is based on RBAC (role-based access control) and is called DRBAC (dynamic RBAC). Although RBAC is powerful in access control, the original design of RBAC required that user-role assignments and role-permission assignments should be handled statically (i.e., the assignments should be handled by human beings). Nevertheless, the following dynamic features are necessary in access control within a software system: (a) managing dynamic role switching, (b) avoiding Trojan horses, (c) managing role associations, and (d) handling dynamic role creation and deletion. DRBAC offers the dynamic features. This paper proposes DRBAC.

  • Extended Role Based Access Control with Procedural Constraints for Trusted Operating Systems

    Wook SHIN  Jong-Youl PARK  Dong-Ik LEE  

     
    PAPER-Application Information Security

    Vol: E88-D No:3  Page(s): 619-627

    The current scheme of access control judges the legality of each access based on immediate information without considering associated information hidden in a series of accesses. Due to this deficiency, access control systems do not efficiently limit attacks consisting of ordinary operations. For trusted operating system development, we extended RBAC and added negative procedural constraints to refuse those attacks. With the procedural constraints, the access control of trusted operating systems can discriminate attack trials from normal behaviors. This paper shows the specification of the extended concept and model, and presents simple analysis results.
