
RABAC: Role-Centric Attribute-Based Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 7531)

Abstract

Role-based access control (RBAC) is a commercially dominant model, standardized by the National Institute of Standards and Technology (NIST). Although RBAC provides compelling benefits for security management, it has several known deficiencies such as role explosion, wherein multiple closely related roles are required (e.g., an attending-doctor role is separately defined for each patient). Numerous extensions to RBAC have been proposed to overcome these shortcomings. Recently, NIST announced an initiative to unify and standardize these extensions by integrating roles with attributes, and identified three approaches: use attributes to dynamically assign users to roles, treat roles as just another attribute, and constrain the permissions of a role via attributes. The first two approaches have been previously studied. This paper presents a formal model for the third approach for the first time in the literature. We propose the novel role-centric attribute-based access control (RABAC) model, which extends the NIST RBAC model with permission filtering policies. Unlike prior proposals addressing the role-explosion problem, RABAC does not fundamentally modify the role concept and integrates seamlessly with the NIST RBAC model. We also define an XACML profile for RABAC based on the existing XACML profile for RBAC.
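As an added illustration (not code from the paper), the following Python sketches the third approach named above: roles grant permissions exactly as in NIST RBAC, and a per-role filter policy over user and object attributes then removes permissions the role holder may not exercise, so one attending-doctor role suffices instead of one role per patient. The attribute names, the policy shape and the sample users, roles and charts are my assumptions.

```python
# Role-centric permission filtering, added illustration (not the paper's own code).
# Roles -> permissions is plain RBAC; a filter policy per role, evaluated on
# (user attributes, object attributes), prunes the permissions a role holder can use.
# All names and sample data below are constructed assumptions.
from typing import Callable, Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]   # (operation, object id), e.g. ("read", "chart:p1")
Attrs = Dict[str, str]

# Constructed sample data: a single attending-doctor role covers every patient chart.
ROLE_PERMS: Dict[str, Set[Permission]] = {
    "attending-doctor": {("read", "chart:p1"), ("write", "chart:p1"),
                         ("read", "chart:p2"), ("write", "chart:p2")},
    "nurse": {("read", "chart:p1"), ("read", "chart:p2")},
}
OBJECT_ATTRS: Dict[str, Attrs] = {
    "chart:p1": {"attending": "alice", "ward": "cardiology"},
    "chart:p2": {"attending": "bob", "ward": "oncology"},
}
USER_ATTRS: Dict[str, Attrs] = {
    "alice": {"id": "alice", "ward": "cardiology"},
    "carol": {"id": "carol", "ward": "cardiology"},
}

# A filter policy keeps a permission only when the predicate holds for (user, object).
FilterPolicy = Callable[[Attrs, Attrs], bool]
FILTERS: Dict[str, FilterPolicy] = {
    "attending-doctor": lambda u, o: o["attending"] == u["id"],   # only your patients
    "nurse": lambda u, o: o["ward"] == u["ward"],                 # only your ward
}

def rbac_permissions(roles: Iterable[str]) -> Set[Permission]:
    """Unfiltered NIST RBAC: the union of every activated role's permissions."""
    return set().union(*(ROLE_PERMS.get(r, set()) for r in roles))

def rabac_permissions(user: str, roles: Iterable[str]) -> Set[Permission]:
    """RBAC permissions minus those the role's filter policy rejects for this user."""
    allowed: Set[Permission] = set()
    for role in roles:
        keep = FILTERS.get(role, lambda u, o: True)   # no policy: role is unconstrained
        for op, obj in ROLE_PERMS.get(role, set()):
            if keep(USER_ATTRS[user], OBJECT_ATTRS[obj]):
                allowed.add((op, obj))
    return allowed

def check_access(user: str, roles: Iterable[str], op: str, obj: str) -> bool:
    """Access decision for one request against the filtered permission set."""
    return (op, obj) in rabac_permissions(user, roles)
```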




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg


Cite this paper

Jin, X., Sandhu, R., Krishnan, R. (2012). RABAC: Role-Centric Attribute-Based Access Control. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_8


  • DOI: https://doi.org/10.1007/978-3-642-33704-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33703-1

  • Online ISBN: 978-3-642-33704-8
