Role Authorization


The Experts below are selected from a list of 162 Experts worldwide ranked by ideXlab platform

C. Yang - One of the best experts on this subject based on the ideXlab platform.

  • Specification and enforcement of object-oriented RBAC model
    Canadian Conference on Electrical and Computer Engineering 2001. Conference Proceedings (Cat. No.01TH8555), 1
    Co-Authors: Chang N. Zhang, C. Yang
    Abstract:

    Access control for protection and sharing of information and physical resources is an essential component of any multi-user computer system. Role-based-access-control (RBAC) has been introduced and has offered a powerful means of specifying access control decisions, as well as reducing the cost of administrating access control policies and making them less error-prone. We proposed an object-oriented RBAC model (ORBAC) and its formal specifications to describe the relationships of the basic elements of the model. Furthermore, an efficient ORBAC implementation method was proposed to deal with static and dynamic Role Authorization so that the problem of separation of duties can be solved.

  • WICSA - An object-oriented RBAC model for distributed system
    Proceedings Working IEEE IFIP Conference on Software Architecture, 1
    Co-Authors: N.z. Chang, C. Yang
    Abstract:

    In distributed computing environments, users would like to share resources and communicate with each other to perform their jobs more efficiently. For better performance, it is important to keep resources and information integrity from unexpected use by unauthorized users. Therefore, there is a strong demand for access control of distributed shared resources. Role-Based-Access-Control (RBAC) has been introduced and offers a powerful means for specifying access control decisions. The authors propose an object-oriented RBAC model for distributed system (ORBAC); it efficiently represents the real world. Moreover, under the decentralized ORBAC management architecture, an implementation of the model has realized multiple-domain access control. Finally, static and dynamic Role Authorization is considered and a method to deal with the problem of separation of duties is presented.

X. Chen - One of the best experts on this subject based on the ideXlab platform.

  • An Access Control Model for Resource Sharing Based on the Role-Based Access Control Intended for Multi-Domain Manufacturing Internet of Things
    IEEE Access, 2017
    Co-Authors: Qian Liu, Jiafu Wan, Hong Zhang, X. Chen
    Abstract:

    Manufacturing Internet of Things (MIoT) represents the manufacturing oriented to Internet of Things with two important characteristics, resource sharing and process collaboration. Access control in resource sharing is very important for MIoT operation safety. This paper presents an access control model for resource sharing based on the Role-based access control intended for multidomain MIoT. In multidomain systems, in order to respond to the assigning request for permission for a certain Role from a certain user, an authority action sequence named the Authorization route is employed to determine an appropriate Authorization state. In this paper, the best Authorization route with the least spread of permissions is defined as an optimal Authorization route. We employed an intelligent planning theory to model the Authorization route problem and to develop a solution algorithm called PGAO*, which can support external evaluation of both single-goal-Role Authorization routes and multi-goal-Role Authorization routes. In addition, some simple policies for solving the Authorization route problem are presented. The proposed access control model provides a quick and efficient Authorization decision support for administrators in collaborative domain and ensures a secure access in resource sharing in MIoT.

Chang Chao-wen - One of the best experts on this subject based on the ideXlab platform.

  • Access Control Model Based on Multidimensional Measurement and Context
    Computer Engineering, 2011
    Co-Authors: Chang Chao-wen
    Abstract:

    In distributed systems, the user's identity is uncertain, the access platform is complex, and the network environment is changeable. The traditional simplex access control model, such as the Role-based or identity-based access control model, cannot well meet the requirements. It combines the advantage of Role-based Access Control (RBAC) and Trust Management (TM), extends the traditional RBAC model with the notion of trust and context, performs a multidimensional measurement on user's identity, access platform and user's behavior, considering the security of user's platform and the dynamic uncertainty of the network environment, and promotes a new access control model called MCBAC. It assigns Roles according to the user's identity information and trust degree. It realizes dynamic Role Authorization control. It has good security and flexibility.

Hugo Torres Vieira - One of the best experts on this subject based on the ideXlab platform.

  • Dynamic Role Authorization in multiparty conversations
    Formal Aspects of Computing, 2016
    Co-Authors: Silvia Ghilezan, Svetlana Jakšić, Jovanka Pantović, Jorge A. Pérez, Hugo Torres Vieira
    Abstract:

    Protocols in distributed settings usually rely on the interaction of several parties and often identify the Roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of Role Authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single Role, or in which one site may be authorized to act on behalf of different Roles. This flexibility must be equipped with ways of controlling the Roles that the different parties are authorized to represent, including the challenging case in which Role Authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic Role Authorization and delegation. Building on previous work on conversation types with Role assignment, our formal model is based on an extension of the $\pi$-calculus in which the basic resources are pairs channel-Role, which denote the access right of interacting along a given channel representing the given Role. To specify dynamic Authorization control, our process model includes (1) a novel scoping construct for Authorization domains, and (2) communication primitives for Authorizations, which allow to pass around Authorizations to act on a given channel. An Authorization error then corresponds to an action involving a channel and a Role not enclosed by an appropriate Authorization scope. We introduce a typing discipline that ensures that processes never reduce to Authorization errors, including when parties dynamically acquire Authorizations.

  • BEAT - Dynamic Role Authorization in multiparty conversations
    Formal Aspects of Computing, 2016
    Co-Authors: Silvia Ghilezan, Svetlana Jakšić, Jorge A. Pérez, Jovanka Pantovic, Hugo Torres Vieira
    Abstract:

    Protocols in distributed settings usually rely on the interaction of several parties and often identify the Roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of Role Authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single Role, or in which one site may be authorized to act on behalf of different Roles. This flexibility must be equipped with ways of controlling the Roles that the different parties are authorized to represent, including the challenging case in which Role Authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic Role Authorization and delegation. Building on previous work on conversation types with Role assignment, our formal model is based on an extension of the $\pi$-calculus in which the basic resources are pairs channel-Role, which denote the access right of interacting along a given channel representing the given Role. To specify dynamic Authorization control, our process model includes (1) a novel scoping construct for Authorization domains, and (2) communication primitives for Authorizations, which allow to pass around Authorizations to act on a given channel. An Authorization error then corresponds to an action involving a channel and a Role not enclosed by an appropriate Authorization scope. We introduce a typing discipline that ensures that processes never reduce to Authorization errors, including when parties dynamically acquire Authorizations.

  • Dynamic Role Authorization in Multiparty Conversations
    Electronic Proceedings in Theoretical Computer Science, 2014
    Co-Authors: Silvia Ghilezan, Svetlana Jakšić, Jorge A. Pérez, Jovanka Pantovic, Hugo Torres Vieira
    Abstract:

    Protocol specifications often identify the Roles involved in communications. In multiparty protocols that involve task delegation it is often useful to consider settings in which different sites may act on behalf of a single Role. It is then crucial to control the Roles that the different parties are authorized to represent, including the case in which Role Authorizations are determined only at runtime. Building on previous work on conversation types with flexible Role assignment, here we report initial results on a typed framework for the analysis of multiparty communications with dynamic Role Authorization and delegation. In the underlying process model, communication prefixes are annotated with Role Authorizations and Authorizations can be passed around. We extend the conversation type system so as to statically distinguish processes that never incur Authorization errors. The proposed static discipline guarantees that processes are always authorized to communicate on behalf of an intended Role, also covering the case in which Authorizations are dynamically passed around in messages.

Aashay Thipse - One of the best experts on this subject based on the ideXlab platform.

  • ARES - Security Analysis of Role-based Separation of Duty with Workflows
    2008 Third International Conference on Availability Reliability and Security, 2008
    Co-Authors: Rattikorn Hewett, Phongphun Kijsanayothin, Aashay Thipse
    Abstract:

    Role-based access control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify Authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user Role Authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive Roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (Role Authorization and user-Role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.