Li, Min and Wang, Hua and Plank, Ashley and Yong, Jianming (2008) Advanced permission-role relationship in role-based access control. In: ACISP 2008:13th Australasian Conference on Information Security and Privacy , 7-9 Jul 2008, Wollongong, Australia.
PDF (Author's version)
Permission-role assignment is an important issue in role-based access control (RBAC). There are two types of problems that may arise in permission-role assignment. One is related to authorization granting process. Conflicting permissions may be granted to a role, and as a result, users with the role may have or derive a high level of authority. The other is related to authorization revocation. When a permission is revoked from a role, the role may still have the permission from other roles. In this paper, we discuss granting and revocation models related to mobile and immobile memberships between permissions and roles, then provide proposed authorization granting algorithm to check conflicts and help allocate the permissions without compromising the security. To our best knowledge, the new revocation models, local and global revocation, have not been studied before. The local and global revocation algorithms based on relational algebra and operations provide a rich variety. We also apply the new algorithms to an anonymity scalable payment scheme.
|Item Type:||Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)|
|Additional Information:||Deposited in accordance with the copyright policy of the publisher. Copyright 2008 Springer. This is the authors' version of the work. It is posted here with permission of the publisher for your personal use. No further distribution is permitted. The item is also available in Lecture Notes in Computer Science v. 5107 at http://www.springerlink.com|
|Uncontrolled Keywords:||RBAC; role-based access control; permission-role assignment|
|Subjects:||280000 Information, Computing and Communication Sciences > 280100 Information Systems
280000 Information, Computing and Communication Sciences > 280100 Information Systems > 280108 Database Management
|Depositing User:||Ms Min Li|
|Date Deposited:||02 Jul 2008 04:38|
|Last Modified:||02 Jul 2013 23:04|
Actions (login required)
|Archive Repository Staff Only|