• DocumentCode
    3064847
  • Title

    Generalized role-based access control

  • Author

    Moyer, Matthew J. ; Abamad, M.

  • Author_Institution
    Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA
  • fYear
    2001
  • fDate
    36982
  • Firstpage
    391
  • Lastpage
    398
  • Abstract
    Generalized Role-Based Access Control (GRBAC) is a new paradigm for creating and maintaining rich access control policies. GRBAC leverages and extends the power of traditional role based access control (RBAC) by incorporating subject roles, object roles and environment roles into access control decisions. Subject roles are like traditional RBAC roles: they abstract the security-relevant characteristics of subjects into categories that can be used in defining a security policy. Similarly, object roles abstract the various properties of objects, such as object type (e.g., text, JPEG, executable) or sensitivity level (e.g., classified, top secret) into categories. Environment roles capture environmental information, such as time of day or system load so it can be used to mediate access control. Together, these three types of roles offer flexibility and expressive power, as well as a degree of usability not found in current access control models
  • Keywords
    authorisation; distributed processing; transaction processing; GRBAC; JPEG; RBAC; access control; access control decisions; access control models; environment roles; environmental information; expressive power; generalized role based access control; object roles; object type; rich access control policies; security policy; security-relevant characteristics; sensitivity level; subject roles; Access control; Educational institutions; Information security; Mechanical factors; Permission; Power system modeling; Power system security; Usability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems, 2001. 21st International Conference on.
  • Conference_Location
    Mesa, AZ
  • Print_ISBN
    0-7695-1077-9
  • Type

    conf

  • DOI
    10.1109/ICDSC.2001.918969
  • Filename
    918969