Article

A model for role administration using organization structure

Authors:

Sejong Oh,

Ravi SandhuAuthors Info & Claims

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

Pages 155 - 162

https://doi.org/10.1145/507711.507737

Published: 03 June 2002 Publication History

Get Access

Abstract

Role-based access control (RBAC) is recognized as an excellent model for access control in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant shortcomings.We propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.

References

[1]

Ravi Sandhu and Venkata Bhamidipati, "The URA97 model for role-based user-role assignment", In Proceedings of IFIP WG 11.3 Workshop on Database Security, August 1997.

Digital Library

Google Scholar

[2]

Ravi Sandhu and Venkata Bhamidipati, "The ARBAC97 model for Role-based administration of Roles: Preliminary Description and Outline", In Proceedings of second ACM Workshop on Role-Based Access Control. November 1997.

Digital Library

Google Scholar

[3]

Ravi Sandhu and Venkata Bhamidipati, "Role-based administration of user-role assignment: The URA97 model and its Oracle implementation", The Journal of Computer Security, Vol.7, 1999.

Digital Library

Google Scholar

[4]

Ravi Sandhu and Qamar Munawer, "The ARBAC99 model for administration of roles", In Proceedings of the Annual Computer Security Applications Conference. 1999.

Digital Library

Google Scholar

[5]

Najam Perwaiz and Ian Sommerville, "Structured management of role-permission relationships", In Proceedings of 6th ACM Symposium on Access Control Models and Technologies (SACMAT2001), May 2001.

Digital Library

Google Scholar

[6]

James B.D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford, "Security models for web-based applications", Communications of the ACM, Vol. 44, No.2, February 2001.

Digital Library

Google Scholar

[7]

Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, "Role-Based Access Control Models." IEEE Computer, Volume 29, Number 2, February 1996, pages 38--47.

Digital Library

Google Scholar

[8]

Jonathan D. Moffett, "Control Principles and Role Hierarchies", In Proceedings of the 3rd ACM Workshop on Role-Based Access Control. October 1998.

Digital Library

Google Scholar

[9]

Jonathan D. Moffett and Emil C. Lupu, "The use of role hierarchies in access control", In Proceedings of the 4th ACM Workshop on Role-Based Access Control. October 1999.

Digital Library

Google Scholar

[10]

Sylvia Osborn, Ravi Sandhu and Qamar Munawer, "Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies", ACM Transactions on Information and System Security, Volume 3, Number 2, May 2000, pages 85--106.

Digital Library

Google Scholar

[11]

Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer, "The ARBAC97 Model for Role-Based Administration of Roles", ACM Transactions on Information and System Security, Volume 2, Number 1, February 1999, pages 105--135.

Digital Library

Google Scholar

[12]

Matunda Nyanchama and Sylvia Osborn, "The Role Graph Model and Conflict of Interest", ACM Transactions on Information and System Security, Vol. 2, No. 1, February 1999, pages 3--33.

Digital Library

Google Scholar

Cited By

View all

Cras SLackner ABegic NMirhosseini SKirchmayr N(2022)Collaborative Administration of Role-Based Access Control in Smart Contracts2022 4th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)10.1109/BRAINS55737.2022.9909116(87-94)Online publication date: 27-Sep-2022
https://doi.org/10.1109/BRAINS55737.2022.9909116
Shakarami MSandhu RGupta MAbdelsalam MMittal S(2021)Role-Based Administration of Role-Based Smart Home IoTProceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3445969.3450426(49-58)Online publication date: 28-Apr-2021
https://dl.acm.org/doi/10.1145/3445969.3450426
Zhu H(2021)Role ConceptsE‐CARGO and Role‐Based Collaboration10.1002/9781119693123.ch2(35-67)Online publication date: 19-Nov-2021
https://doi.org/10.1002/9781119693123.ch2
Show More Cited By

Index Terms

A model for role administration using organization structure
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

An effective role administration model using organization structure

Role-based access control (RBAC) is a well-accepted model for access control in an enterprise environment. When we apply RBAC model to large enterprises, effective role administration is a major issue. ARBAC97 is a well-known solution for decentralized ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
A role administration system in role-based authorization infrastructures: design and implementation
SAC '03: Proceedings of the 2003 ACM symposium on Applied computing

In this paper we describe a system whose purpose is to help establish a valid set of roles and role hierarchies with assigned users and associated permissions. We have designed and implemented the system, called RA system, which enables role ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

June 2002

170 pages

ISBN:1581134967

DOI:10.1145/507711

General Chair:
Ravi Sandhu
George Mason University and SingleSignOn.Net
,
Program Chair:
Elisa Bertino
University of Milano, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT02

Sponsor:

SIGSAC

SACMAT02: 7th ACM Symposium on Access Control Models and Technologies

June 3 - 4, 2002

California, Monterey, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

83
Total Citations
View Citations
1,708
Total Downloads

Downloads (Last 12 months)48
Downloads (Last 6 weeks)6

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Cras SLackner ABegic NMirhosseini SKirchmayr N(2022)Collaborative Administration of Role-Based Access Control in Smart Contracts2022 4th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)10.1109/BRAINS55737.2022.9909116(87-94)Online publication date: 27-Sep-2022
https://doi.org/10.1109/BRAINS55737.2022.9909116
Shakarami MSandhu RGupta MAbdelsalam MMittal S(2021)Role-Based Administration of Role-Based Smart Home IoTProceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3445969.3450426(49-58)Online publication date: 28-Apr-2021
https://dl.acm.org/doi/10.1145/3445969.3450426
Zhu H(2021)Role ConceptsE‐CARGO and Role‐Based Collaboration10.1002/9781119693123.ch2(35-67)Online publication date: 19-Nov-2021
https://doi.org/10.1002/9781119693123.ch2
Al-Alaj ASandhu RKrishnan R(2020)A Model for the Administration of Access Control in Software Defined Networking using Custom Permissions2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)10.1109/TPS-ISA50397.2020.00032(169-178)Online publication date: Oct-2020
https://doi.org/10.1109/TPS-ISA50397.2020.00032
Wang HCao JZhang YWang HCao JZhang Y(2020)Role-Based Access Control Constraints and Object Constraint LanguageAccess Control Management in Cloud Environments10.1007/978-3-030-31729-4_7(141-158)Online publication date: 30-Sep-2020
https://doi.org/10.1007/978-3-030-31729-4_7
Wang HCao JZhang YWang HCao JZhang Y(2020)Using RBAC to Secure Payment Process in CloudAccess Control Management in Cloud Environments10.1007/978-3-030-31729-4_6(117-138)Online publication date: 30-Sep-2020
https://doi.org/10.1007/978-3-030-31729-4_6
de Kinderen SKaczmarek-Heß M(2019)On model-based analysis of organizational structures: an assessment of current modeling approaches and application of multi-level modeling in support of design and analysis of organizational structuresSoftware and Systems Modeling10.1007/s10270-019-00767-4Online publication date: 28-Nov-2019
https://doi.org/10.1007/s10270-019-00767-4
Elliott AKnight S(2018)ORGODEX: Authorization as a service (AaaS)2018 Annual IEEE International Systems Conference (SysCon)10.1109/SYSCON.2018.8369532(1-8)Online publication date: Apr-2018
https://doi.org/10.1109/SYSCON.2018.8369532
Zhang YJoshi J(2018)Administration Model for RBACEncyclopedia of Database Systems10.1007/978-1-4614-8265-9_1507(68-69)Online publication date: 7-Dec-2018
https://doi.org/10.1007/978-1-4614-8265-9_1507
Ninglekhu JKrishnan R(2017)AARBAC: Attribute-Based Administration of Role-Based Access Control2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC.2017.00027(126-135)Online publication date: Oct-2017
https://doi.org/10.1109/CIC.2017.00027
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

An effective role administration model using organization structure

PBDM: a flexible delegation model in RBAC

A role administration system in role-based authorization infrastructures: design and implementation