An Improved Task and Role-Based Access Control Model with Multi-Constraint

A combination of Task and Role-based Access Control with multi-constraint is put forward in this paper. It is designed to solve problem of access control management about collaborators in workflow system, whose difficulties lie in complex authorization and low users efficiency. It combines the tasks and roles, classifies tasks, simplifies permissions management, defines the mutually exclusive roles and binding tasks and formulates dynamic users allocation policies by establishing a users execution history table to improving the efficiency. Finally, a specific dynamic access control design is given for electric power enterprise equipment maintenance management workflow, the given example shows that the model and algorithm satisfies the principle of least permission and separation of duties and ensures the workflow system to execute tasks safely and efficiently.

Download Full-text

An extensible role based access control management system

IEEE Conference Anthology ◽

10.1109/anthology.2013.6784745 ◽

2013 ◽

Author(s):

Zhen-wu Wang

Keyword(s):

Access Control ◽

Management System ◽

Role Based Access Control ◽

Role Based ◽

Access Control Management ◽

Control Management System ◽

Control Management

Download Full-text

Using classification for role-based access control management

International Journal of Technology Policy and Management ◽

10.1504/ijtpm.2016.075940 ◽

2016 ◽

Vol 16 (1) ◽

pp. 45 ◽

Cited By ~ 2

Author(s):

Nazia Badar ◽

Jaideep Vaidya ◽

Vijayalakshmi Atluri ◽

Nino Vincenzo Verde ◽

Janice Warner

Keyword(s):

Access Control ◽

Role Based Access Control ◽

Role Based ◽

Access Control Management ◽

Control Management

Download Full-text

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

Future Internet ◽

10.3390/fi11090201 ◽

2019 ◽

Vol 11 (9) ◽

pp. 201 ◽

Cited By ~ 2

Author(s):

Wei Sun ◽

Shiwei Wei ◽

Huaping Guo ◽

Hongbing Liu

Keyword(s):

Access Control ◽

Optimization Approach ◽

Role Based Access Control ◽

Control Mechanisms ◽

Engineering Technology ◽

Role Mining ◽

Novel Method ◽

Separation Of Duty ◽

Role Based ◽

The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

Download Full-text