Applying RBAC Providing Restricted Permission Inheritance to a Corporate Web Environment
- 465 Downloads
A successful marriage of Web and RBAC technology can support effective enterprise-wide security in large-scale systems. But RBAC has a role hierarchy concept that senior role inherits all permissions of junior roles. In the corporate environments, senior role need not have all authority of junior roles, and unconditional inheritance in role hierarchy causes undesirable side effects(permission abuse) and violates the principle of least privilege. In this paper1, we re-explore role and permission inheritance and propose a new model providing restricted permission inheritance. To do this, we divide a single role into sub-roles(Corporate/Department Common role, Restricted Inheritance role, Private Role) based on the degree of inheritance and business characteristics and make role hierarchy with sub-roles. It is very useful to solve unconditional inheritance problem in a corporate environment. And we describe formal description of proposed model. Lastly, we show a system architecture applying RBAC with proposed model within a corporate web environment.
Unable to display preview. Download preview PDF.
- 2.Joon S. Park, Ravi Sandhu: RBAC on the Web by Smart Certificates, Proceedings of the fourth ACM workshop on RBAC(1999) 1–9Google Scholar
- 3.Zahir Tari, Shun-Wu Chan: A Role-Based Access Control For Internet Security. IEEE Internet Computing(1997) 24–34Google Scholar
- 4.MyongJae Kim, YongHoon Yi, HyungHyo Lee and BongNam Noh: A Design Methodology of Role Hierarchies providing Restricted Permission Inheritance. Proceeding of Conference on Information Security and Cryptology, Korea institute of Information Security & Cryptology (2002) 326–329Google Scholar
- 5.Sejong Oh, Seog Park: Task-Role Based Access Control(T-RBAC): An Improved Access Control Model for Enterprise Environment. DEXA2000(2000)Google Scholar
- 6.Ravi S. Sandhu: Role-Based Access Control Models IEEE Computer, Feb(1996)Google Scholar
- 7.Joon S. Park, Ravi Sandhu, and SreeLatha Ghanta: RBAC on the Web by secure cookies. In Proceedings of the IFIP WG11.3 Workshop on Database Security(1999)Google Scholar