An Audit-Integrated ARBAC Model

2012, Vol 263-266, pp. 1600-1604
Author(s): Qiang Liu, Jian Hua Zhang

The Role-Based Access Control (RBAC) model is the mainstream access control model. When addressing large-scale and distributed applications, the highest Security Administrator (SA) of an RBAC model always tries to transfer his management authority to his inferior SAs to decrease his workload. However, how to ensure that these inferior SAs perform their management authorities legally is a big problem. Although there is a technology framework for the administrative RBAC model, named ARBAC97, the supervision mechanism and audit mechanism on the utilization of transferred authorities are incomplete in the RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a right and liability mechanism has been set up, an audit role is defined, and auditing permission is assigned to this role. At the same time, we put forward two basic types of audit business: routine audit and accident audit. For accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The au-ARBAC model can help to improve the consciousness of authorization responsibility and help SAs perform their management authorities responsibly and legally.

2012, Vol 263-266, pp. 1584-1587
Author(s): Jian Hua Zhang, Qiang Liu

Access control is an important infrastructure of an information system. The Role-Based Access Control (RBAC) model is the mainstream access control model. When deploying an RBAC model, there is an administration iteration problem, which requires the information engineers to define the administrator structure before running the RBAC model. This makes the deployment process redundant and complex, makes the running process rigid, and results in a decrease of the control capability of the RBAC model. We present a top-down method. In this method, we define the administration authority as the source of management authority and set up the right and liability mechanism of RBAC. With this method, the administrator structure is defined and expanded by administrators according to application requirements, and the right and liability mechanism can make sure these administrators perform their management authorities responsibly and legally. Our method can solve the administration iteration problem and improve the flexibility of the RBAC model.


2016, Vol 2016, pp. 1-16
Author(s): Jiangfeng Li, Zhenyu Liao, Chenxi Zhang, Yang Shi

Since more and more applications and services have been transferred from servers in the B/S architecture to the cloud, user access control has become a significant part of a multitenancy cloud platform. The role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, there is a high probability that the information of tenants is leaked when using the existing role based access control (RBAC) model. Moreover, management problems may emerge in the multitenancy platform as the number of tenants increases. In this paper, a novel concept of 4D-role is presented. With a detailed definition of the concept of 4D-role, a 4D-role based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characteristics of tenant isolation, role hierarchy, and administration independence. The three characteristics are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model performs well in using cloud resources when a large number of users are operating in the cloud platform simultaneously.

