Abstract
The universal adoption of the Internet requires fine-grained access control for the sharing of sensitive resources. However, existing access control mechanisms are inflexible and do not help alleviate the management task of administering users’ access to resources based on security policies. In this paper, we propose an approach to implementing fine-grained access control based on RBAC while considering specific context constraints. The approach is object-dependent and policy-enforced through binding policies to a particular object. In the policies, context constraints are incorporated to support separation of duties (SoD). Furthermore, the implementation of the approach is described in detail, and an application that meets the specific access control requirements of a comprehensive knowledge management system in an aviation enterprise is presented.
Copyright information
© 2008 International Federation for Information Processing
About this paper
Cite this paper
Ren, X., Liu, L., Lv, C. (2008). An Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC. In: Xu, L.D., Tjoa, A.M., Chaudhry, S.S. (eds) Research and Practical Issues of Enterprise Information Systems II. IFIP International Federation for Information Processing, vol 255. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-76312-5_83
DOI: https://doi.org/10.1007/978-0-387-76312-5_83
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-76311-8
Online ISBN: 978-0-387-76312-5
eBook Packages: Computer Science (R0)