An Access Control Model of Workflow System Integrating RBAC and TBAC
Basing on the integration of two models, RBAC and TBAC, an access control model called Role-Task Based Access Control (R&TBAC) is given, which takes two parts as combining sites, one is the role and trustee, the other is the role permission assignment and trustee permissions. A set of fundamental conceptions, a series of authorization processes, a formalized description and some modeling tools about this model are given. This model has both intuitionistic and dynamic characteristics. It also has some other advantages, such as economical for memory space, convenient to maintain and control etc.
KeywordsAccess Control Model Access Permission Trustee Permission Role Hierarchy RBAC Model
- 2.S. Kandala and R. Sandhu, Secure Role-based workflow Models. Proc of the 15th IFIP WG 11.3 Working Comference on Database Security. Niagara, Ontario, Canda, Kluwer Academic Publishers (2002).Google Scholar
- 4.R.K. Thomas and R.S. Sandhu, Towards a task-based paradigm for flexible and adaptable access control in distributed applications. Proc of the 1992–1993 CM SIGSAC New security Paradigms Workshops. Little Compton, Rhode Island, US: ACM Press (1993).Google Scholar
- 5.R.K. Thomas and R.S. Sandhu, Conceptual Foundations for a Model of Task-based Authorizations, Proc of the 7th IEEE Computer Security Foundations Workshop. Franconia NH: IEEE Com, 66–79 (1994).Google Scholar