New role-based access control in ubiquitous e-business environment
Ubiquitous e-business is one of major topics in intelligent manufacturing systems. Ubiquitous e-business environment requires security features including access control. Traditional access control models such as access control list (ACL), mandatory access control (MAC), and role-based access control (RBAC) are unsuitable for a ubiquitous e-business environment because they cannot satisfy its requirements. In this study, we propose a new access control model termed the Ubi-RBAC model. It is based on the RBAC model and adds new components such as space, space hierarchy, and context constraints. Ubi-RBAC covers the context awareness and mobility of subjects (human users), which are the key issues of access control in the ubiquitous e-business environment.
KeywordsIMS Access control RBAC Ubiquitous e-Business Context awareness
Unable to display preview. Download preview PDF.
- Ferraio, D., Cugini, J., & Kuhn, R. (1995). Role-based access control (RBAC): Features and motivations. Proceedings of the 11th Annual Computer Security Application Conference. Anaheim, California, USA.Google Scholar
- Gavrila, S. I., & Barkley, J. F. (1998). Formal specification for role based access control user/role and role/role relationship management. Proceedings of the 3rd ACM workshop on Role-Based Access Control. Fairfax, Virginia, USA.Google Scholar
- IMS. http://www.ims.or.. Accessed April 20, 2008.
- Oh S., Park J. (2004) Requirement analysis for access control model on ubiquitous computing environment. Journal of Korea Information Processing Society 11-A(7): 563–570Google Scholar
- Park, J., & Sandhu, R. (2002). Towards usage control models: Beyond traditional access control. Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002). Monterey, California, USA, pp. 57–64.Google Scholar
- Sampemane, G., Naldrug, P., & Cambell, R. (2002). Access control for active space. Proceedings of the 18th Annual Computer Security Application Conference. Washington, DC, USA, pp. 343–352.Google Scholar
- Sandhu, R. (1995). Rationale for the RBAC96 family of access control models. Proceedings of ACM Workshop on Role-Based Access Control. Gaithersburg, Maryland, USA.Google Scholar
- Sandhu, R., Bhamidipati, V., & Munawer, Q. (1999). The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 1, 2 (TISSEC).Google Scholar
- Sandhu R., Coyne E.J., Feinstein H.L., Youman C.E. (1996) Role-based access control method. IEEE Computer 1.29: 38–47Google Scholar
- Wang, H., Zhang, Y., & Cao, J. (2006). Ubiquitous computing environments and its usage access control. Proceedings of the First International Conference on Scalable Information Systems. HongKong, China.Google Scholar
- Wedde, H.F., & Lischka, M. (2004). Role-based access control in ambient and remote space. Proceedings of 9th ACM Symposium on Access Control Models and Technologies (SACMAT 2004). Yorktown Heights, New York, USA, pp. 21–30.Google Scholar
- Zhang, G., & Parashar, M. (2004). Context-aware dynamic access control for pervasive applications. Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference (pp. 21–30).Google Scholar