Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration

Chang Joo Moon, Dae Ha Park, Soung Jin Park, Doo Kwon Baik

    Research output: Contribution to journal › Article › peer-review

    24 Citations (Scopus)

    Abstract

    RBAC is a family of reference models in which permissions are assigned to roles, and users are also assigned to appropriate roles. Studies on the permission-role part of the RBAC model are relatively insufficient compared with those on the user-role part, and research on symmetric RBAC models to overcome this is also at an incipient stage. Therefore, there is difficulty in assigning permissions suitable for roles. This paper proposes a symmetric RBAC model that supplements the constraints on permission assignment set forth by previous studies. The proposed symmetric RBAC model reflects the conflicts of interest between roles and the sharing and integration of permissions on the assignment of permissions by presenting the constraints on permission assignment that take the separation of duties and role hierarchies into consideration. In addition, by expressing constraints prescribing prerequisite relations between permissions through AND/OR graphs, it is possible to effectively limit the complicated prerequisite relations of permissions. The constraints on permission assignment for the proposed symmetric RBAC model reduce errors in permission assignment by properly detailing rules to observe at the time of permission assignment.

    Original language: English
    Pages (from-to): 126-136
    Number of pages: 11
    Journal: Computers and Security
    Volume: 23
    Issue number: 2
    Publication status: Published - 2004 Mar

    Keywords

    • Authorization
    • Constraint
    • Permission Assignment
    • RBAC
    • Role

    ASJC Scopus subject areas

    • General Computer Science
    • Law
