Resource and Role Hierarchy Based Access Control for Resourceful Systems
- 1 July 2018
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 02, 480-486
- https://doi.org/10.1109/compsac.2018.10280
Abstract
Role based access control (RBAC) has been used extensively in practice since it naturally captures the structure of the users in an organization. It is especially useful in multi-tenant cloud platforms. However, with the growing amount of data and growing number of devices, assigning permissions for these resources (such as data and devices) to roles becomes challenging. We develop a resource hierarchy based permission model and integrate it with RBAC to create the RRBAC (resource and role based access control) model to simplify the permission assignment in RBAC. However, realizing RRBAC requires careful design to ensure efficient permission assignment, validation and revocation. Instead of using policy based solutions, such as XACML, we design a resource tree based approach to achieve high performance for various permission related operations. Preliminary experiments show that the RRBAC approach can achieve more efficient permission assignment and validation.