Abstract
The main advantages of role-based access control (RBAC) are that it supports well-known security principles and inheritance among roles. However, because RBAC still lacks a specific definition and the necessary formalization, it is hard to realize in practical work. Our contribution here is to formalize the main relations of RBAC and to take a first step by proposing the concepts of the action closure and the data closure of a role, from which we derive the specification and an algorithm for the least privileges of a role. We propose that role inheritance should consist of inheritance of actions and inheritance of data, and from this we obtain the inheritance of privileges among roles, which can also be supported by existing exploit tools.
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (60403027).
Biography: HAN Lan-sheng (1972-), male, Ph. D. candidate, research direction: information security.
About this article
Cite this article
Lan-sheng, H., Fan, H. & Kojo, A.B. Least privileges and role’s inheritance of RBAC. Wuhan Univ. J. Nat. Sci. 11, 185–187 (2006). https://doi.org/10.1007/BF02831728
DOI: https://doi.org/10.1007/BF02831728