
Expressing User Access Authorization Exceptions in Conventional Role-Based Access Control

  • Conference paper
Information Security Practice and Experience (ISPEC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7863))


Abstract

In this paper we present a systematic categorization of the user access authorization exceptions which may occur in conventional role-based access control models. We propose a slightly revised NIST RBAC model which allows us to express all the authorization exceptions we consider. We give a formal definition of the model and show how it can be implemented in Datalog with negation to give a simple and efficient algorithm for computing authorization decisions. As an illustration, we present a simple case study from the domain of medical informatics and show how a range of different kinds of authorization exceptions that may arise in such a domain can be expressed in our approach.
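As an added illustration of the approach the abstract describes (not the paper's own model or code), the following evaluates RBAC authorization decisions with per-user grant and deny exceptions as stratified Datalog-with-negation rules, using a naive least-fixpoint loop; the facts, role names, permissions and the two exception kinds are constructed for this example.

```python
# Added illustration (not the paper's own model): RBAC authorization decisions with
# per-user exceptions, evaluated as stratified Datalog-with-negation rules by a naive
# least-fixpoint loop. Facts, role names and permissions below are constructed.

# Extensional facts for a hypothetical clinical setting.
USER_ROLE = {("alice", "doctor"), ("bob", "nurse"), ("carol", "doctor")}
SENIOR_OF = {("doctor", "clinician"), ("nurse", "clinician")}  # senior inherits junior's perms
ROLE_PERM = {("clinician", "read_record"), ("doctor", "prescribe")}
GRANT = {("bob", "prescribe")}   # exception: extra permission for one user
DENY = {("carol", "prescribe")}  # exception: one user barred from a role permission


def fixpoint(step, facts):
    """Apply the rule `step` until no new facts are derived (naive evaluation)."""
    while True:
        new = step(facts) - facts
        if not new:
            return facts
        facts = facts | new


def inherits(senior_of, roles):
    """Stratum 0: inherits(r, r).  inherits(r, s) :- senior_of(r, t), inherits(t, s)."""
    def step(facts):
        return {(r, s) for (r, t) in senior_of for (t2, s) in facts if t == t2}
    return fixpoint(step, {(r, r) for r in roles})


def authorized(user_role=USER_ROLE, senior_of=SENIOR_OF, role_perm=ROLE_PERM,
               grant=GRANT, deny=DENY):
    """Stratum 1: role_perm_closed(r, p) :- inherits(r, s), role_perm(s, p).
    Stratum 2 (negation over the already-complete deny relation):
      authorized(u, p) :- user_role(u, r), role_perm_closed(r, p), not deny(u, p).
      authorized(u, p) :- grant(u, p), not deny(u, p)."""
    roles = {r for (_, r) in user_role} | {r for pair in senior_of for r in pair} \
        | {r for (r, _) in role_perm}
    inh = inherits(senior_of, roles)
    role_perm_closed = {(r, p) for (r, s) in inh for (s2, p) in role_perm if s == s2}
    via_role = {(u, p) for (u, r) in user_role for (r2, p) in role_perm_closed if r == r2}
    return {(u, p) for (u, p) in via_role | set(grant) if (u, p) not in deny}


def decide(user, perm):
    """Single authorization decision: True iff (user, perm) is in the fixpoint."""
    return (user, perm) in authorized()
```

Because `deny` is an extensional relation, the negated literal sits in a higher stratum than everything it depends on, so the program is stratified and the fixpoint is unique.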




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, X., Alechina, N., Logan, B. (2013). Expressing User Access Authorization Exceptions in Conventional Role-Based Access Control. In: Deng, R.H., Feng, T. (eds) Information Security Practice and Experience. ISPEC 2013. Lecture Notes in Computer Science, vol 7863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38033-4_17


  • DOI: https://doi.org/10.1007/978-3-642-38033-4_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38032-7

  • Online ISBN: 978-3-642-38033-4

  • eBook Packages: Computer Science, Computer Science (R0)
