The role-based access control (RBAC) model has been widely recognized as an efficient access control model and is currently a hot research topic in information security. However, in large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies. First, it cannot effectively reflect role relationships in complicated cases, which does not accord with practical applications. Second, the senior role unconditionally inherits all permissions of the junior role; thus a user under the supervisor role may accumulate all permissions, which easily leads to abuse of permissions and violates the least privilege principle, one of the main security principles. To deal with these problems, after analyzing permission types and role relationships, we proposed the concept of the atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Application-specific analysis shows that this model meets the access control requirements well.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Weihong CAI, Richeng HUANG, Xiaoli HOU, Gang WEI, Shui XIAO, Yindong CHEN, "Atom-Role-Based Access Control Model," in IEICE TRANSACTIONS on Information, vol. E95-D, no. 7, pp. 1908-1917, July 2012, doi: 10.1587/transinf.E95.D.1908.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.E95.D.1908/_p
@ARTICLE{e95-d_7_1908,
author={Weihong CAI and Richeng HUANG and Xiaoli HOU and Gang WEI and Shui XIAO and Yindong CHEN},
journal={IEICE TRANSACTIONS on Information},
title={Atom-Role-Based Access Control Model},
year={2012},
volume={E95-D},
number={7},
pages={1908-1917},
keywords={},
doi={10.1587/transinf.E95.D.1908},
ISSN={1745-1361},
month={July},}
TY - JOUR
TI - Atom-Role-Based Access Control Model
T2 - IEICE TRANSACTIONS on Information
SP - 1908
EP - 1917
AU - Weihong CAI
AU - Richeng HUANG
AU - Xiaoli HOU
AU - Gang WEI
AU - Shui XIAO
AU - Yindong CHEN
PY - 2012
DO - 10.1587/transinf.E95.D.1908
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E95-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2012
ER -