Least privileges and role’s inheritance of RBAC

  • Web Information Security
Wuhan University Journal of Natural Sciences

Abstract

The main advantages of role-based access control (RBAC) are that it supports the well-known security principles and roles' inheritance. But because RBAC still lacks a specific definition and the necessary formalization, it is hard to realize RBAC in practical work. Our contribution here is to formalize the main relations of RBAC and to take a first step toward proposing the concepts of action closure and data closure of a role, based on which we obtain the specification and algorithm for the least privileges of a role. We propose that roles' inheritance should consist of inheritance of actions and inheritance of data, and from this we obtain the inheritance of privileges among roles, which can also be supported by existing exploit tools.

Author information

Corresponding author

Correspondence to Hong Fan.

Additional information

Foundation item: Supported by the National Natural Science Foundation of China (60403027).

Biography: HAN Lan-sheng (1972-), male, Ph. D. candidate, research direction: information security.

Cite this article

Lan-sheng, H., Fan, H. & Kojo, A.B. Least privileges and role’s inheritance of RBAC. Wuhan Univ. J. Nat. Sci. 11, 185–187 (2006). https://doi.org/10.1007/BF02831728

  • DOI: https://doi.org/10.1007/BF02831728
