RBAC Constraints Specification and Enforcement in Extended XACML

Helil, Nurmamat; Rahman, Kaysar

doi:10.1109/mines.2010.121

Cited by 8 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, constraints models were not a part of these initial RBAC systems. RBAC constraints can be broadly classified into static and dynamic [56] as discussed below;…”

Section: Constraintsmentioning

confidence: 99%

Context-Aware and Dynamic Role-Based Access Control Using Blockchain

Rahman

Guidi

Baiardi

et al. 2020

Advanced Information Networking and Applications

View full text Add to dashboard Cite

Role-based access control (RBAC) policies represent the rights of subjects in terms of roles to access resources. This research proposes a scalable, flexible and auditable RBAC system using the EOS blockchain platform to meet the security requirements of organizations. The EOS blockchain platform for developing smart contract and decentralized applications (DAPPs) aims to address the scalability problem found in existing blockchain platforms such as Ethereum and Bitcoin. This smart contract platform aims to eliminate transaction fees while conducting millions of transactions per second. In our proposed approach, the EOS blockchain transparently stores RBAC policies. Administrative roles control access to resources at a higher level according to the way organizations perform business. An organization creates roles, role hierarchies and constraints to regulate users' actions. Therefore, once an RBAC framework is established, the administrative user (issuer) only needs to grant and revoke roles to support changes in the organizational structure. Moreover, resource owners delegate access rights to other subjects (in the same or different organization). Our proposed blockchain-based RBAC supports delegation capabilities using gaseless transactions which makes it adoptable and appealing in a large number of application scenarios. Our proposed solution is application-agnostic and well-suited for diverse use cases. Existing state-of-the art security frameworks are not suitable due to the difficulty of scale, higher cost and single point of failure. Consequently, organizations demand a scalable, cost-effective and lightweight access control solution which can better protect their privacy as well. A proof of concept implementation is developed based on the EOS blockchain. In particular, we deploy our proposed RBAC smart contract on the EOS Kylin testnet. Our experimental results and analysis clearly show that our EOS blockchain-based RBAC outperforms existing blockchain platforms in terms of cost, latency, block generation time, contract execution time and throughput.

show abstract

“…However, constraints models were not a part of these initial RBAC systems. RBAC constraints can be broadly classified into static and dynamic [56] as discussed below;…”

Section: Constraintsmentioning

confidence: 99%

Context-Aware and Dynamic Role-Based Access Control Using Blockchain

Rahman

Guidi

Baiardi

et al. 2020

Advanced Information Networking and Applications

View full text Add to dashboard Cite

show abstract

“…Table I represents the necessary functions for checking S/DSOD constraints. These functions, which get historical information about assigning and enabling roles for users, are inspired by (Helil and Rahman, 2010).…”

Section: Role-based Access Controlmentioning

confidence: 99%

Towards a flexible framework to support a generalized extension of XACML for spatio-temporal RBAC model with reasoning ability

Dang

et al. 2014

International Journal of Web Information Systems

View full text Add to dashboard Cite

Purpose -The paper aims to propose a flexible framework to support X-STROWL model. Extensible access control markup language (XACML) is an international standard used for access control in distributed systems. However, XACML and its existing extensions are not sufficient to fulfill sophisticated security requirements (e.g. access control based on user's roles, context-aware authorizations and the ability of reasoning). Remarkably, X-STROWL, a generalized extension of XACML for spatiotemporal role-based access control (RBAC) model with reasoning ability, is a comprehensive model that overcomes these shortcomings. It mainly focuses on the architecture design as well as the implementation and evaluation of proposed framework and the comparison with others. Design/methodology/approach -Based on the concept of X-STROWL model, the paper reviewed a large amount of open sources implementing XACML with defined criteria and chose the most suitable framework to be extended for the implementation. The paper also presented a case study used to evaluate the research result. Findings -Holistic enterprise-ready application security framework -architecture framework (HERAS-AF) is chosen as the most suitable framework to be extended to implement X-STROWL model. Extending HERAS-AF to support spatiotemporal aspect and other contextual conditions as well as the way to integrate security in the access request, together with ability of reasoning for hierarchical roles, are striking features that make the proposed framework able to meet more sophisticated security requirements in comparison with others. Research limitations/implications -Due to the research content, the performance of proposed framework is not the focused issue of this work. Originality/value -The proposed framework is a crucial contribution of our research to provide a holistic, extensible and intelligent authorization decision engine.

show abstract

“…In the past decade, a considerable amount of work [4][5][6][7][8][9][10][11][12][13] has been done on RBAC constraints. However, the focus of these researches has been predominantly on the specification of RBAC constraints.…”

Section: Introductionmentioning

confidence: 99%

Detecting and resolving constraint conflicts in role-based access control

Qiu

2011

2011 International Conference on Electrical and Control Engineering

View full text Add to dashboard Cite

The focus of existing researches on RBAC constraints has been predominantly on the specification of constraints, the detection and resolution of constraint conflicts have been overlooked and remain a significant research challenge. To address these concerns, we propose a set of detection rules for these conflicts. Furthermore, a flexible approach is provided to resolve internal constraint conflicts by defining two new concepts, i.e., priority rule and resolution policy.

show abstract

RBAC Constraints Specification and Enforcement in Extended XACML

Cited by 8 publications

References 11 publications

Context-Aware and Dynamic Role-Based Access Control Using Blockchain

Context-Aware and Dynamic Role-Based Access Control Using Blockchain

Towards a flexible framework to support a generalized extension of XACML for spatio-temporal RBAC model with reasoning ability

Detecting and resolving constraint conflicts in role-based access control

Contact Info

Product

Resources

About