Managing RBAC states with transitive relations

Pang, Chaoyi; Hansen, David; Maeder, Anthony

doi:10.1145/1229285.1229306

Cited by 4 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The remaining 13 publications define conflict reduction algorithms. Both Pang et al (2007) and Shafiq et al (2012) propose graph optimization algorithms to remove constraint conflicts on an RBAC state. The remaining eleven publications propose algorithms for the reduction of rule conflicts in an XACML policy set.…”

Section: Reduce Conflictsmentioning

confidence: 99%

Optimization of Access Control Policies

Kern¹,

Baumer²,

Groll³

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

Section: Reduce Conflictsmentioning

confidence: 99%

Optimization of Access Control Policies

Kern¹,

Baumer²,

Groll³

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…Information 2020, 11, x FOR PEER REVIEW 14 of 24 of the behavioral requirements of traditional roles is mostly identified to contain multiplicity of roles, unclear role definitions, and conflicting roles. As explained by [87], it is appropriate to optimize the roles sets so that only authentic users are assigned permissions to use the system. The effects of role ambiguity, role conflict, or role strain can influence the user of a role to abuse access rights.…”

Section: The Precursors Of Rbacmentioning

confidence: 99%

Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Nyame

Qin

2020

Information

View full text Add to dashboard Cite

Role-based access control (RBAC) continues to gain popularity in the management of authorization concerning access to knowledge assets in organizations. As a socio-technical concept, the notion of role in RBAC has been overemphasized, while very little attention is given to the precursors: role strain, role ambiguity, and role conflict. These constructs provide more significant insights into RBAC design in Knowledge Management Systems (KMS). KMS is the technology-based knowledge management tool used to acquire, store, share, and apply knowledge for improved collaboration and knowledge-value creation. In this paper, we propose eight propositions that require future research concerning the RBAC system for knowledge security. In addition, we propose a model that integrates these precursors and RBAC to deepen the understanding of these constructs. Further, we examine these precursory constructs in a socio-technical fashion relative to RBAC in the organizational context and the status–role relationship effects. We carried out conceptual analysis and synthesis of the relevant literature, and present a model that involves the three essential precursors that play crucial roles in role mining and engineering in RBAC design. Using an illustrative case study of two companies where 63 IT professionals participated in the study, the study established that the precursors positively and significantly increase the intractability of the RBAC system design. Our framework draws attention to both the management of organizations and RBAC system developers about the need to consider and analyze the precursors thoroughly before initiating the processes of policy engineering, role mining, and role engineering. The propositions stated in this study are important considerations for future work.

show abstract

An Effective and Secure Key-Management Scheme for Hierarchical Access Control in E-Medicine System

2013

View full text Add to dashboard Cite

Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

show abstract

Managing RBAC states with transitive relations

Cited by 4 publications

References 28 publications

Optimization of Access Control Policies

Optimization of Access Control Policies

Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

An Effective and Secure Key-Management Scheme for Hierarchical Access Control in E-Medicine System

Contact Info

Product

Resources

About