Abstract
In this paper we present a systematic categorization of the user access authorization exceptions which may occur in conventional role-based access control models. We propose a slightly revised NIST RBAC model which allows us to express all the authorization exceptions we consider. We give a formal definition of the model and show how it can be implemented in Datalog with negation to give a simple and efficient algorithm for computing authorization decisions. As an illustration, we present a simple case study from the domain of medical informatics and show how a range of different kinds of authorization exceptions that may arise in such a domain can be expressed in our approach.
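The abstract says authorization decisions are computed in Datalog with negation. The following Python program is an added illustration of that style of evaluation and is not the paper's model or code: positive rules (role hierarchy closure, permission inheritance, user-to-role assignment) are run to a fixpoint first, and a second stratum applies user-level exceptions with negation against base facts. The predicate names, the rule that a user-level denial overrides any grant, and the clinic sample data are all assumptions made for the example.

```python
# Added illustration, not the paper's own model or code: a toy RBAC
# evaluator written in the style of Datalog with stratified negation.
# Predicate names, exception semantics and sample data are assumptions.
from typing import Set, Tuple

Pair = Tuple[str, str]


def transitive_closure(edges: Set[Pair]) -> Set[Pair]:
    """senior(r, t) :- rh(r, t).  senior(r, t) :- rh(r, s), senior(s, t).
    Naive fixpoint: keep joining until no new fact is derived."""
    derived = set(edges)
    while True:
        new = {(a, d) for (a, b) in derived for (c, d) in derived if b == c}
        if new <= derived:
            return derived
        derived |= new


def role_permissions(rh: Set[Pair], rp: Set[Pair]) -> Set[Pair]:
    """role_has(r, p) :- rp(r, p).  role_has(r, p) :- senior(r, j), rp(j, p).
    A senior role inherits every permission of the roles below it."""
    senior = transitive_closure(rh)
    inherited = {(r, p) for (r, j) in senior for (j2, p) in rp if j == j2}
    return set(rp) | inherited


def authorizations(ur: Set[Pair], rh: Set[Pair], rp: Set[Pair],
                   user_grant: Set[Pair], user_deny: Set[Pair]) -> Set[Pair]:
    """Stratum 1 (positive): via_role(u, p) :- ur(u, r), role_has(r, p).
    Stratum 2 (negation):  authorized(u, p) :- via_role(u, p),   not user_deny(u, p).
                           authorized(u, p) :- user_grant(u, p), not user_deny(u, p).
    user_deny is a base fact, so the negation is stratified and the second
    stratum is a single pass over the completed positive layer."""
    role_has = role_permissions(rh, rp)
    via_role = {(u, p) for (u, r) in ur for (r2, p) in role_has if r == r2}
    return (via_role | set(user_grant)) - set(user_deny)


# Constructed sample policy for a small clinic (assumption, not from the paper).
ROLE_HIERARCHY = {("physician", "nurse"), ("nurse", "staff")}   # physician > nurse > staff
ROLE_PERM = {("staff", "read_schedule"),
             ("nurse", "read_record"),
             ("physician", "write_prescription")}
USER_ROLE = {("dr_lee", "physician"), ("nurse_kim", "nurse"), ("temp_jo", "staff")}
USER_GRANT = {("nurse_kim", "write_prescription")}   # positive exception: extra permission for one user
USER_DENY = {("dr_lee", "read_record")}              # negative exception: overrides the inherited role grant


def decide(user: str, perm: str) -> bool:
    """Authorization decision for one (user, permission) request."""
    return (user, perm) in authorizations(USER_ROLE, ROLE_HIERARCHY, ROLE_PERM,
                                          USER_GRANT, USER_DENY)


if __name__ == "__main__":
    for u, p in sorted(authorizations(USER_ROLE, ROLE_HIERARCHY, ROLE_PERM,
                                      USER_GRANT, USER_DENY)):
        print(f"{u:10s} may {p}")
```

The denial for `dr_lee` is applied after inheritance has completed, which is the point of putting it in a separate stratum: a positive-only evaluation would have no way to retract `read_record` once the role hierarchy has derived it, and an unstratified negation would make the result depend on evaluation order.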
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, X., Alechina, N., Logan, B. (2013). Expressing User Access Authorization Exceptions in Conventional Role-Based Access Control. In: Deng, R.H., Feng, T. (eds) Information Security Practice and Experience. ISPEC 2013. Lecture Notes in Computer Science, vol 7863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38033-4_17
DOI: https://doi.org/10.1007/978-3-642-38033-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38032-7
Online ISBN: 978-3-642-38033-4
eBook Packages: Computer Science (R0)