Atom-Role-Based Access Control Model

Weihong CAI  Richeng HUANG  Xiaoli HOU  Gang WEI  Shui XIAO  Yindong CHEN  

IEICE TRANSACTIONS on Information and Systems   Vol.E95-D   No.7   pp.1908-1917
Publication Date: 2012/07/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E95.D.1908
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Information Network
access control,  RBAC,  atom role,  ATRBAC,  

Full Text: PDF(954.5KB)>>
Buy this Article

Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.