Applying RBAC Providing Restricted Permission Inheritance to a Corporate Web Environment

  • YongHoon Yi
  • MyongJae Kim
  • YoungLok Lee
  • HyungHyo Lee
  • BongNam Noh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2642)

Abstract

A successful marriage of Web and RBAC technology can support effective enterprise-wide security in large-scale systems. However, the RBAC role hierarchy concept lets a senior role inherit all permissions of its junior roles. In corporate environments a senior role need not hold all the authority of its junior roles, and unconditional inheritance in the role hierarchy causes undesirable side effects (permission abuse) and violates the principle of least privilege. In this paper we re-examine role and permission inheritance and propose a new model providing restricted permission inheritance. To do this, we divide a single role into sub-roles (Corporate/Department Common role, Restricted Inheritance role, Private role) based on the degree of inheritance and on business characteristics, and build the role hierarchy from these sub-roles. This is very useful for solving the unconditional inheritance problem in a corporate environment. We also give a formal description of the proposed model. Lastly, we show a system architecture applying RBAC with the proposed model in a corporate web environment.
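As an added illustration (not code from the paper or its authors), the following Python models the abstract's split of each role into Common, Restricted Inheritance and Private sub-roles and compares what a senior role obtains under restricted versus unconditional inheritance. The concrete inheritance rule (Common always flows up, Restricted only within the same department, Private never) and the sample roles are assumptions made for this example, not details given on the page.

```python
from dataclasses import dataclass, field


@dataclass
class Role:
    """A business role split into the three sub-roles named in the abstract."""
    name: str
    department: str
    common: set = field(default_factory=set)      # Corporate/Department Common sub-role
    restricted: set = field(default_factory=set)  # Restricted Inheritance sub-role
    private: set = field(default_factory=set)     # Private sub-role
    juniors: list = field(default_factory=list)   # directly junior roles in the hierarchy

    def own_permissions(self) -> set:
        return self.common | self.restricted | self.private


def transitive_juniors(role: Role):
    """Every role below `role`; a role hierarchy is acyclic, so plain recursion is safe."""
    for junior in role.juniors:
        yield junior
        yield from transitive_juniors(junior)


def inheritable(senior: Role, junior: Role) -> set:
    """Assumed inheritance rule (not spelled out in the abstract): Common permissions
    always flow up, Restricted ones only within the same department, Private never."""
    perms = set(junior.common)
    if senior.department == junior.department:
        perms |= junior.restricted
    return perms


def effective_permissions(role: Role) -> set:
    """Restricted-inheritance model: own permissions plus the filtered juniors' ones."""
    perms = role.own_permissions()
    for junior in transitive_juniors(role):
        perms |= inheritable(role, junior)
    return perms


def unconditional_permissions(role: Role) -> set:
    """Classic RBAC hierarchy: a senior role gets every permission its juniors hold."""
    perms = role.own_permissions()
    for junior in transitive_juniors(role):
        perms |= junior.own_permissions()
    return perms


def build_sample_hierarchy() -> dict:
    """Constructed sample data: sales clerk < sales manager < corporate director."""
    clerk = Role("sales_clerk", "sales", {"read_catalog"}, {"issue_quote"}, {"edit_own_timesheet"})
    manager = Role("sales_manager", "sales", {"approve_discount"}, {"view_pipeline"}, {"review_team_salary"}, [clerk])
    director = Role("director", "corporate", {"set_targets"}, juniors=[manager])
    return {"clerk": clerk, "manager": manager, "director": director}
```

Subtracting `effective_permissions` from `unconditional_permissions` for the director shows exactly which junior permissions (the clerk's private timesheet right, the sales-only quote and pipeline rights, the manager's salary review) the restricted model withholds from the senior role.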

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • YongHoon Yi (1)
  • MyongJae Kim (1)
  • YoungLok Lee (1)
  • HyungHyo Lee (2)
  • BongNam Noh (1)
  1. Dept. of Computer Science, Chonnam Nat'l University, Gwangju, Korea
  2. Div. of Information and EC, Wonkwang University, Iksan, Korea