Formal authorization allocation approaches for role-based access control based on relational algebra operations

Wang, Hua and Cao, Jinli and Zhang, Yanchun (2002) Formal authorization allocation approaches for role-based access control based on relational algebra operations. In: Web Information Systems Engineering, 2002 (WISE 2002), 12-14 Dec 2002, Singapore.

[img]
Preview
PDF
Wang_Cao_Zhang_Publ_Version.pdf

Download (341Kb)

Abstract

In this paper, we develop formal authorization allocation algorithms for role-based access control (RBAC). The formal approaches are based on relational structure, and relational algebra and operations. The process of user-role assignments is an important issue in RBAC because it may modify the authorization level or imply high-level confidential information to be derived while users change positions and request different roles. There are two types of problems which may arise in user-role assignment. One is related to authorization granting process. When a role is granted to a user, this role may be conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. Another is related to authorization revocation. When a role is revoked from a user, the user may still have the role from other roles. To solve the problems, this paper presents an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms can be used to check conflicts and therefore to help allocate the roles without compromising the security in RBAC. We describe how to use the new algorithms with an anonymity scalable payment scheme. Finally, comparisons with other related work are discussed.


Statistics for USQ ePrint 3240
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Deposited in accordance with the copyright policy of the publisher. ©2002 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Depositing User: Dr Hua Wang
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 26 Oct 2007 00:05
Last Modified: 02 Jul 2013 22:50
Uncontrolled Keywords: role based access control (RBAC), algorithms, electronic money, relational databases, authorization, security
Fields of Research (FOR2008): 15 Commerce, Management, Tourism and Services > 1503 Business and Management > 150301 Business Information Management (incl. Records, Knowledge and Information Management, and Intelligence)
08 Information and Computing Sciences > 0807 Library and Information Studies > 080708 Records and Information Management (excl. Business Records and Information Management)
URI: http://eprints.usq.edu.au/id/eprint/3240

Actions (login required)

View Item Archive Repository Staff Only