
ROAC: A Role-Oriented Access Control Model

Abstract: Role-Based Access Control (RBAC) has become the de facto standard for realizing authorization requirements in a wide range of organizations. Existing RBAC models suffer from two main shortcomings: lack of expressiveness of roles/permissions and ambiguities of their hierarchies. The expressiveness of roles/permissions is limited since roles do not have the ability to express behaviour and state, while hierarchical RBAC cannot reflect real organizational hierarchies. In this paper, we propose a novel access control model, the Role-Oriented Access Control Model (ROAC), which is based on the concepts of RBAC but inspired by the object-oriented paradigm. ROAC greatly enhances the expressiveness of roles and permissions by introducing parameters and methods as members. The hierarchical ROAC model supports selective inheritance of permissions.
Document type :
Conference papers

Cited literature [14 references]
Contributor : Hal Ifip
Submitted on : Wednesday, June 7, 2017 - 3:03:42 PM
Last modification on : Thursday, February 21, 2019 - 10:31:47 AM
Long-term archiving on : Friday, September 8, 2017 - 12:55:12 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Nezar Nassr, Eric Steegmans. ROAC: A Role-Oriented Access Control Model. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. pp.113-127, ⟨10.1007/978-3-642-30955-7_11⟩. ⟨hal-01534310⟩


