ROAC: A Role-Oriented Access Control Model

Abstract: Role-Based Access Control (RBAC) has become the de facto standard for realizing authorization requirements in a wide range of organizations. Existing RBAC models suffer from two main shortcomings: lack of expressiveness of roles/permissions and ambiguities of their hierarchies. The expressiveness of roles/permissions is limited since roles do not have the ability to express behaviour and state, while hierarchical RBAC cannot reflect real organizational hierarchies. In this paper, we propose a novel access control model: the Role-Oriented Access Control Model (ROAC), which is based on the concepts of RBAC but inspired by the object-oriented paradigm. ROAC greatly enhances the expressiveness of roles and permissions by introducing parameters and methods as members. The hierarchical ROAC model supports selective inheritance of permissions.
Document type:
Conference paper
Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.113-127, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_11〉
Cited literature [14 references]

https://hal.inria.fr/hal-01534310
Contributor: Hal Ifip
Submitted on: Wednesday, June 7, 2017 - 15:03:42
Last modified on: Wednesday, June 7, 2017 - 15:05:24
Document(s) archived on: Friday, September 8, 2017 - 12:55:12

File

978-3-642-30955-7_11_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Nezar Nassr, Eric Steegmans. ROAC: A Role-Oriented Access Control Model. Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.113-127, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_11〉. 〈hal-01534310〉

Metrics

Record views: 104

File downloads: 27