Advanced permission-role relationship in role-based access control

Li, Min and Wang, Hua and Plank, Ashley and Yong, Jianming (2008) Advanced permission-role relationship in role-based access control. In: ACISP 2008:13th Australasian Conference on Information Security and Privacy , 7-9 Jul 2008, Wollongong, Australia.

Text (Author's version)

Download (258Kb)
Text (Documentation)

Download (297Kb)


Permission-role assignment is an important issue in role-based access control (RBAC). There are two types of problems that may arise in permission-role assignment. One is related to authorization granting process. Conflicting permissions may be granted to a role, and as a result, users with the role may have or derive a high level of authority. The other is related to authorization revocation. When a permission is revoked from a role, the role may still have the permission from other roles. In this paper, we discuss granting and revocation models related to mobile and immobile memberships between permissions and roles, then provide proposed authorization granting algorithm to check conflicts and help allocate the permissions without compromising the security. To our best knowledge, the new revocation models, local and global revocation, have not been studied before. The local and global revocation algorithms based on relational algebra and operations provide a rich variety. We also apply the new algorithms to an anonymity scalable payment scheme.

Statistics for USQ ePrint 4246
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Deposited in accordance with the copyright policy of the publisher. Copyright 2008 Springer. This is the authors' version of the work. It is posted here with permission of the publisher for your personal use. No further distribution is permitted. The item is also available in Lecture Notes in Computer Science v. 5107 at
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 02 Jul 2008 04:38
Last Modified: 28 Aug 2014 04:12
Uncontrolled Keywords: RBAC; role-based access control; permission-role assignment
Fields of Research : 08 Information and Computing Sciences > 0806 Information Systems > 080604 Database Management
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
08 Information and Computing Sciences > 0806 Information Systems > 080608 Information Systems Development Methodologies
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: 10.1007/978-3-540-70500-0-29

Actions (login required)

View Item Archive Repository Staff Only