Abstract
Role-Based Access Control (RBAC) has become the de facto standard for realizing authorization requirements in a wide range of organizations. Existing RBAC models suffer from two main shortcomings: the limited expressiveness of roles and permissions, and the ambiguity of their hierarchies. The expressiveness of roles and permissions is limited because roles cannot express behaviour or state, while hierarchical RBAC cannot reflect real organizational hierarchies. In this paper, we propose a novel access control model, the Role-Oriented Access Control Model (ROAC), which is based on the concepts of RBAC but inspired by the object-oriented paradigm. ROAC greatly enhances the expressiveness of roles and permissions by introducing parameters and methods as their members. The hierarchical ROAC model supports selective inheritance of permissions.
© 2012 IFIP International Federation for Information Processing
Nassr, N., Steegmans, E. (2012). ROAC: A Role-Oriented Access Control Model. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds) Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. WISTP 2012. Lecture Notes in Computer Science, vol 7322. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30955-7_11
DOI: https://doi.org/10.1007/978-3-642-30955-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30954-0
Online ISBN: 978-3-642-30955-7