An Integration Model of Role-Based Access Control and Activity-Based Access Control Using Task

  • Sejong Oh
  • Soeg Park
Chapter
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 73)

Abstract

Role-based access control (RBAC) and activity-based access control (ABAC) models are well known and recognized as a good security model for enterprise environment. (ABAC model is represented as ‘workflow’). But these models have some limitations to apply to enterprise environment. Furthermore, enterprise environment needs application both RBAC and ABAC models.

In this paper we propose integration model of RABC and ABAC. For this we describe basic concept and limitations of RBAC and ABAC models. And we introduce concept of classifications for tasks. We use task by means of connection RBAC and ABAC models. Also we discuss the effect of new integration model.

Key words

Access control RBAC Task Role Enterprise environment 
Download to read the full chapter text

References

  1. [1]
    C.P. Pfleeger, Security in Computing, second edition, Prentice-Hall International Inc., 1997.Google Scholar
  2. [2]
    E.G. Amoroso, Fundamentals of Computer Security Technology, PTR Prentice Hall, 1994, 253–257.Google Scholar
  3. [3]
    Dagstull, G. Coulouris, and J. Dollimore, “A Security Model for Cooperative work: a model and its system implications”, Position paper for ACM European SIGOPS Workshop, September 1994.Google Scholar
  4. [4]
    G.J. Ahn, R.S. Sandhu, M. Kang, and J. Park, “Injecting RBAC to Secure a Web-based Workflow System”, Proc. of 5th ACM Workshop on Role-Based Access Control. 2000.Google Scholar
  5. [5]
    R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-Based Access Control Method”, IEEE Computer, vol.29, Feb. 1996.Google Scholar
  6. [6]
    D. Ferraio, J. Cugini, and R. Kuhn, “Role-based Access Control (RBAC): Features and motivations”, Proc. of 11th Annual Computer Security Application Conference, 1995.12.Google Scholar
  7. [7]
    W.K. Huang and V. Atluri, “SecureFlow: A Secure Web-enabled Workflow Management System”, Proc. of 4th ACM Workshop on Role-Based Access Control, 1999.Google Scholar
  8. [8]
    G. Herrmann and G. Pernul, “Towards Security Semantics in Workflow Management”, Proc. of the 31st Hawaii International Conference on System Sciences, 1998.Google Scholar
  9. [9]
    R.K. Thomas and R.S. Sandhu, “Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management”, Proc. of the IFIP WG11.3 Workshop on Database Security, 1997.Google Scholar

Copyright information

© Kluwer Academic Publishers 2002

Authors and Affiliations

  • Sejong Oh
    • 1
  • Soeg Park
    • 1
  1. 1.Sogang UniversityUK

Personalised recommendations