Computer Science ›› 2015, Vol. 42 ›› Issue (3): 117-123.doi: 10.11896/j.issn.1002-137X.2015.03.024

Previous Articles     Next Articles

Security Principles for RBAC-based Authorization Management

XIONG Hou-ren, CHEN Xing-yuan, ZHANG Bin and YANG Yan   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Security principles are greatly significant to security analysis of authorization management model,but they are given little attention and are open problems.This paper proposed many security principles for RBAC-based authorization model with the aim at the security of the model.The security properties of RBAC were presented,including simple safety,simple availability,bounded safety,liveness and containment.Based on deep anatomy of security requirement in authorization management,the problems including data consistency,authorization without redundancy,controllable privi-lege diffusing,controllable management privilege delegating,satisfaction of separation of duty and privilege availability were discussed.The proposed security principles include consistency,security and availability principles.Analysis result indicates that the security principles are consistent with the security properties of RBAC,which can support the security requirements of authorization management efficiently and provide criterions for evaluating the security of RBAC-based authorization model.

Key words: Access control,Authorization management,Role-base access control,Security principles,Separation of duty,Mutually exclusive

[1] Ferraiolo D,Kuhn D R.Role-Based access control[C]∥Procee-dings of the 15th National Computer Security Conference.1992:554-563
[2] Sandhu R,Coyne E,Feinstein H,et al.Role-based Access Control Models[J].IEEE Computer,1996,29(2):38-47
[3] Ferraiolo D,Sandhu R,Guirila S,et al.Proposed NIST Standard for Role-based Access Control[J].ACM Transactions on Information and System Security,2001,4(3):224-274
[4] Munawer Q,Sandhu R S.Simulation of the augmented typed access matrix model (ATAM) using roles[C]∥Proceedings of INFOSECU99 International Conference on Information and Security.1999
[5] Crampton J.Authorizations and antichains[D].Thesis,BirbeckCollege,University of London,UK,2002
[6] Koch M,Mancini LV,Parisi-Presicce F.Decidability of safety in graph based models for access control[C]∥Proceedings of the 7th European Symposiumon Research in Computer Security.2002:229-243
[7] Li N H,Mitchell J C,Winsborough W H.Beyond proof-of-compliance:Security analysis in trust management[J].Journal of the ACM,2005,2(3):474-514
[8] Li N,Tripunitara M.Security analysis in role based access control[J].ACM Transactions on Information and System Security,2006,9(4):391-420
[9] Sasturkar A,Yang P,Stoller S D,et al.Policy analysis for administrative role based access control[C]∥Proceedings of the 19th IEEE Workshop on Computer Security Foundations.Washington:IEEE Computer Society,2006:124-138
[10] Habib M A,Abbas Q.Mutually exclusive permissions in RBAC[J].Int.J.Internet Technology and Secured Transactions,2012, 4(2/3):207-220
[11] Ferrara A L,Madhusudan P,Parlato G.Security Analysis ofRole-based Access Control through Program Verification[C]∥Proceedings of 2012 IEEE 25TH Computer Security Foundations Symposium.2012:113-125
[12] Yang Ping,Gofman M,Yang Zi-jiang.Policy Analysis for Ad-ministrative Role Based Access Control without Separate Administration[C]∥Wang L,Shafiq B,eds.IFIP International Federation for Information Processing 2013(DBSec 2013).LNCS 7964,2013:49-64
[13] Liu Xiao-fan,Alechina N,Logan B.Expressing User Access Authorization Exceptions in Conventional Role-Based Access Control[C]∥Deng R H,Feng T,eds.Springer-Verlag Berlin Heidelberg 2013(ISPEC 2013).LNCS 7863,2013:233-247
[14] 王婷.面向授权管理的资源管理模型研究[D].郑州:信息工程大学,2011
[15] Harrison M A,Ruzzo W L,Ullman J D.Protection in operation systems[J].Communications of the ACM,1976,19(8):461-471
[16] 刘强,姜云飞,李黎明.RBAC系统的权限泄漏问题及分析方法[J].计算机集成制造系统,2010,16(2):431-438
[17] 徐璐.基于安全标记的Web应用访问控制技术研究[D].郑州:信息工程大学,2009

No related articles found!
Full text



No Suggested Reading articles found!