An Adaptive Authorization Model Based on RBAC

Authors

  • Radu Constantinescu Bucharest Academy of Economic Studies
  • Lucian Corlan UTI Group

Keywords:

authorization, access control models, roles, security, RBAC

Abstract

In the article we present a data model and a possible implementation suited to allow proper access control in a system. In order to do that, we started from the extended RBAC model which is focused on roles which are associated to different functions existing in the system. The access control is implemented not just for some application’s functionalities but also for granulated data details, like data attributes.

Author Biographies

Radu Constantinescu, Bucharest Academy of Economic Studies

Business Informatics Department

Lucian Corlan, UTI Group

R&D Department

References

D.F. Ferraiolo and D.R. Kuhn (1992) "Role Based Access Control" 15th National Computer Security Conference, Oct, 1992

R. Sandhu, D.F. Ferraiolo, D, R. Kuhn "The NIST Model for Role Based Access Control: Towards a Unified Standard", NIST, 2000

D.F. Ferraiolo, D.R. Kuhn, R. Chandramouli, “Role Based Access Control” (book), Artech House, 2003, 2nd Edition, 2007

D.R. Kuhn, "Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems" Second ACM Workshop on Role-Based Access Control, 1997

D.F. Ferraiolo, J. Barkley, D.R. Kuhn, "A Role Based Access Control Model and Reference Implementation within a Corporate Intranet", ACM Transactions on Information Systems Security, Volume 1, Number 2, February 1999.

Beznosov, Deng, Blakley, Burt, Barkley, "A Resource Access Decision Service for CORBA-based Distributed Systems", ACSAC (Annual Computer Security Applications Conference), 1999

R. Sandhu, D. Ferraiolo, R. Kuhn, "The NIST Model for Role Based Access Control: Towards a Unified Standard," Proceedings, 5th ACM Workshop on Role Based Access Control, July 26-27, 2000.

R.Chandramouli, "Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints", 7th World Multi-conference on Systemics, Cybernetics and Informatics, 2003

R. Constantinescu, A. Barbulescu, "Systems Security through Capability Models", "Competitiviness and European Integration" International Conference, Cluj, Romania, Oct, 2007

R. Constantinescu, F. Nastase, "Process Models for Security Architectures", Informatics in Economy Journal, no. 4, 2006

R. Constantinescu, I. Ilie-Nemedi, "eBusiness Security" poster session, 12th Intel EMEA Academic Forum, Budapest, 12-14 June 2007

Department of Defense Standard, "Trusted Computer System Evaluation Criteria", 1985

R. Sandhu, E. Coyne, H. Feinstein, "Role Based Acces Control Models“, IEEE Computer, 1995

JMEDS, vol 1, no 2, 2009, Smart Cards and e-Commerce Solutions

Downloads

Published

2009-12-30

How to Cite

Constantinescu, R., & Corlan, L. (2009). An Adaptive Authorization Model Based on RBAC. Journal of Mobile, Embedded and Distributed Systems, 1(2), 119-126. Retrieved from http://jmeds.eu/index.php/jmeds/article/view/An-Adaptive-Authorization-Model-Based-on-RBAC

Issue

Vol. 1 No. 2 (2009): Smart Cards and e-Commerce Solutions

Section

Articles

License

Authors who publish with this journal agree to the following terms:


    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

    1. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

    1. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

    1. The author(s) is responsible for the correctness and legality of the paper content.

    1. Papers that are copyrighted or published will not be taken into consideration for publication in JMEDS It is the author(s) responsibility to ensure that the paper does not cause any copyright infringements and other problems.

    1. It is the responsibility of the author(s) to obtain all necessary copyright release permissions for the use of any copyrighted materials in the paper prior to the submission.

  1. The Author(s) retains the right to reuse any portion of the paper, in future works, including books, lectures and presentations in all media, with the condition that the publication by JMEDS is properly credited and referenced.
Creative Commons License
JMEDS articles by Journal of Mobile, Embedded and Distributed Systems (JMEDS) is licensed under a Creative Commons Attribution 4.0 International License.
Based on a work at http://jmeds.eu.
Permissions beyond the scope of this license may be available at http://jmeds.eu/index.php/jmeds/about/submissions#copyrightNotice.