Extended RBAC Model with Task-Constraint Rules
RBAC model supports the principle of least privilege by the appropriate combination of roles assigned to users. However, the minimum role set is hard to find. Role hierarchy and inheritance can result in aggregating lots of permissions. To solve this problem, previous work mainly studies the approximate least privilege set by trying to find the minime role sets. However, to reduce the unnecessary privileges is another key issue to solve the problem. To this aim, the concept of task is taken as a kind of constraints introduced to the RBAC model, which contains four constraint rules that can flexibly control the permission inheritance and role activations. An example is showed the four rules can effectively be used to reduce redundanct permissions.
KeywordsAccess control RBAC Task Role
Unable to display preview. Download preview PDF.
- 2.Byuens, K., Scandariato, R., Joosen, W.: Least privilege analysis in software architectures. Software and System Modeling (November 2011)Google Scholar
- 5.Wei, L., Cai, J.-Y., He, Y.-P.: Implicit Authorization Analysis of Role-Based Administrative Model. Journal of Software 20(4), 1048–1057 (2009) (in Chinese)Google Scholar
- 6.ANSI INCITS 359-2004. Role Based Access Control. American National Standards Institute (2004)Google Scholar
- 7.Sandhu, R., Bhamidipati, V.: The ASCAA Principles for Next-Generation Role-Based Access Control. In: Proceedings of 3rd International Conference on Availability, Reliability and Security, Barcelona, Spain (2008)Google Scholar
- 8.Deng, J.B., Hong, F.: Task-Based Access Control Model. Journal of Software 14(1), 76–82 (2003) (in Chinese)Google Scholar