Resource and Role Hierarchy Based Access Control for Resourceful Systems

Abstract
Role-based access control (RBAC) has been used extensively in practice since it naturally captures the structure of the users in an organization. It is especially useful in multi-tenant cloud platforms. However, with the growing amount of data and the growing number of devices, assigning permissions for these resources (such as data and devices) to roles becomes challenging. We develop a resource-hierarchy-based permission model and integrate it with RBAC to create the RRBAC (resource and role based access control) model, which simplifies permission assignment in RBAC. However, realizing RRBAC requires careful design to ensure efficient permission assignment, validation and revocation. Instead of using policy-based solutions, such as XACML, we design a resource-tree-based approach to achieve high performance for various permission-related operations. Preliminary experiments show that the RRBAC approach can achieve more efficient permission assignment and validation.

This publication has 7 references indexed in Scilit: