Intra-role Progression in RBAC: An RPG-Like Access Control Scheme

Martínez-García, Carles; Navarro-Arribas, Guillermo; Borrell, Joan

doi:10.1007/978-3-642-28879-1_15

Intra-role Progression in RBAC: An RPG-Like Access Control Scheme

Carles Martínez-García,
Guillermo Navarro-Arribas &
Joan Borrell

Conference paper

590 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7122))

Abstract

Role-Based Access Control is an access control scheme born to accommodate organizational access control policies. Despite RBAC is widely used, it presents some handicaps when accommodating the natural user progression within a system: from low access privileges, when the user is new in the system, to higher access privileges as the user experience grows. In this paper, we build on FRBAC to propose an RBAC-like intra-role user progression scheme inspired in role playing games. User progression will result in progressive abilities acquisition and enhancing, enhancing RBAC with more expressive access control policies.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Adams, E.: Fundamentals of Game Design, 2nd edn. New Riders Publishing (2009)
Google Scholar
Bonatti, P., Duma, C., Olmedilla, D., Shahmehri, N.: An integration of reputation-based and policy-based trust management. In: Semantic Web and Policy Workshop (in conjunction with 4th International Semantic Web Conference) (2005)
Google Scholar
Chakraborty, S., Ray, I.: Trustbac: integrating trust relationships into the rbac model for access control in open systems. In: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 49–58. ACM (2006)
Google Scholar
Cheng, P.-C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 222–230. IEEE Computer Society (2007)
Google Scholar
Dovrolis, C., Ramanathan, P.: A case for relative differentiated services and the proportional differentiation model. IEEE Network 13(5), 26–34 (1999)
Article Google Scholar
Ferraiolo, D.F., Kuhn, R.D., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House, Inc. (2007)
Google Scholar
Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.I., Richard Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information Systems Security 4(3), 224–274 (2001)
Article Google Scholar
Klir, G.J., Yuan, B.: Fuzzy sets and fuzzy logic: theory and applications. Prentice-Hall, Inc. (1995)
Google Scholar
Martínez-García, C., Navarro-Arribas, G., Borrell, J.: Fuzzy role-based access control. Information Processing Letters 111, 483–487 (2011)
Article MathSciNet Google Scholar
Mezzetti, N.: A Socially Inspired Reputation Model. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 191–204. Springer, Heidelberg (2004)
Chapter Google Scholar
Moyer, M.J., Covington, M.J., Ahamad, M.: Generalized role-based access control for securing future applications. In: 23rd National Information Systems Security Conference, NISSC 2000 (2000)
Google Scholar
Takabi, H., Amini, M., Jalili, R.: Trust-based user-role assignment in role-based access control. In: ACS/IEEE International Conference on Computer Systems and Applications, pp. 807–814. IEEE Computer Society (2007)
Google Scholar
Woo, J.W., Hwang, M.J., Lee, C.G., Youn, H.Y.: Dynamic role-based access control with trust-satisfaction and reputation for multi-agent system. In: 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 1121–1126 (2010)
Google Scholar
Yong, H.: Reputation and role based access control model for multi-domain environments. In: 2010 International Symposium on Intelligence Information Processing and Trusted Computing (IPTC), pp. 597–600 (2010)
Google Scholar

Download references

Authors

Carles Martínez-García
View author publications
You can also search for this author in PubMed Google Scholar
Guillermo Navarro-Arribas
View author publications
You can also search for this author in PubMed Google Scholar
Joan Borrell
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

TELECOM-Bretagne, Campus de Rennes, 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France
Joaquin Garcia-Alfaro
Universitat Autonoma de Barcelona, Edifici-Q, Campus UAB, 08193, Bellaterra, Spain
Guillermo Navarro-Arribas
Institut Télécom, Télécom Bretagne, CS 17607, 35576, Cesson-Sévigné, France
Nora Cuppens-Boulahia
Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy
Sabrina de Capitani di Vimercati

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Martínez-García, C., Navarro-Arribas, G., Borrell, J. (2012). Intra-role Progression in RBAC: An RPG-Like Access Control Scheme. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds) Data Privacy Management and Autonomous Spontaneus Security. DPM SETOP 2011 2011. Lecture Notes in Computer Science, vol 7122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28879-1_15

Download citation

DOI: https://doi.org/10.1007/978-3-642-28879-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28878-4
Online ISBN: 978-3-642-28879-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics