Role-Based Access Control (RBAC) has become the de facto standard for realizing authorization requirements in a wide range of organizations. Existing RBAC models suffer from two main shortcomings; lack of expressiveness of roles/permissions and ambiguities of their hierarchies. Roles/permissions expressiveness is limited since roles do not have the ability to express behaviour and state, while hierarchical RBAC cannot reflect real organizational hierarchies. In this paper, we propose a novel access control model: The Role-Oriented Access Control Model (ROAC), which is based on the concepts of RBAC but inspired by the object-oriented paradigm. ROAC greatly enhances expressiveness of roles and permissions by introducing parameters and methods as members. The hierarchical ROAC model supports selective inheritance of permissions.


Access Control RBAC Authorization Role Hierarchies 


  1. 1.
  2. 2.
    Ferraiolo, D., Kuhn, D.: Role-based access control. In: Proceedings of the 15th National Computer Security Conference (1992)Google Scholar
  3. 3.
    Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer, 38–47 (1996)Google Scholar
  4. 4.
    ANSI INCITS 359, Standard for Role Based Access Control (2004)Google Scholar
  5. 5.
    Abdallah, A., Khayat, E.: A Formal Model for Parameterized Role-Based Access Control. In: Dimitrakos, T., Martinelli, F. (eds.) FAST 2004. IFIP, vol. 173, pp. 233–246. Springer, Boston (2005)Google Scholar
  6. 6.
    Fischer, J., Marino, D., Majumdar, R., Millstein, T.: Fine-Grained Access Control with Object-Sensitive Roles. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 173–194. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Kalam, A., Benferhat, S., Miege, A., Baida, R., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization based access control. In: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003). IEEE Computer Society, Washington, DC (2003)Google Scholar
  8. 8.
    Jaeger, T., Michailidis, T., Rada, R.: Access Control in a Virtual University. In: Proc. of the 8th International IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, California, USA, pp. 135–140 (1999)Google Scholar
  9. 9.
    Barka, E.: Framework for Role-Based Delegation Models. PhD Thesis, George Mason University (2002)Google Scholar
  10. 10.
    Sandhu, R.: Role activation hierarchies. In: Proceedings of the Third ACM Workshop on Role-Based Access Control (RBAC 1998), pp. 33–40. ACM, New York (1998)CrossRefGoogle Scholar
  11. 11.
    Moffett, J., Lupu, E.: The uses of role hierarchies in access control. In: Proceedings of the Fourth ACM Workshop on Role-Based Access Control (RBAC 1999), pp. 153–160. ACM, New York (1999)CrossRefGoogle Scholar
  12. 12.
    Xuexiong, Y., Qinxian, W., Changzheng, X.: A Multiple Hierarchies RBAC Model. In: International Conference on Communications and Mobile Computing (2010)Google Scholar
  13. 13.
    Eckel, B.: Thinking in Java, 2nd edn., p. 261. Prentice-Hall (2000)Google Scholar
  14. 14.
    Liang, D.: Introduction to Java Programming, Comprehensive Version, 5th edn. Prentice Hall (2006)Google Scholar
  15. 15.
    Chambers, C., Ungar, D., Chang, B., Holzle, U.: Parents are shared parts of objects: inheritance and encapsulation in SELF. Lisp Symb. Comput., pp. 207–222 (1991)Google Scholar
  16. 16.
    Ducournau, R., Habib, M., Huchard, M., Mugnier, M.L.: Monotonic conflict resolution mechanisms for inheritance. In: Conference Proceedings on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA 1992). ACM, New York (1992)Google Scholar
  17. 17.
    Sandhu, R., Bhamidipati, V.: The ASCAA Principles for Next-Generation Role-Based Access Control. In: Proc. 3rd International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain (2008)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Nezar Nassr
    • 1
  • Eric Steegmans
    • 1
  1. 1.Dept. of Computer Science and EngineeringKatholieke Universiteit LeuvenLeuvenBelgium

Personalised recommendations