DocumentCode :
3136198
Title :
A model for attribute-based user-role assignment
Author :
Al-Kahtani, Mohammad A. ; Sandhu, Ravi
Author_Institution :
George Mason Univ., Fairfax, VA, USA
fYear :
2002
fDate :
2002
Firstpage :
353
Lastpage :
362
Abstract :
The role-based access control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to use the roles' permissions. In environments where the service-providing enterprise has a huge customer base this task becomes formidable. An appealing solution is to automatically assign users to roles. The central contribution of this paper is to describe a model to dynamically assign users to roles based on a finite set of rules defined by the enterprise. These rules take into consideration the attributes of users and any constraints set forth by the enterprise's security policy. The model also allows dynamic revocation of assigned roles based on conditions specified in the security policy. The model provides a language to express these rules and defines a mechanism to determine seniority among different rules. The paper also shows how to use the model to express mandatory access controls (MAC).
Keywords :
access control; security of data; MAC; RBAC model; attribute-based user-role assignment model; dynamic role revocation; mandatory access controls; role-based access control model; security policy; user attributes; user-role assignment; Access control; Application software; Companies; Computer security; Databases; Information retrieval; Permission; Qualifications; Resource management; Web and internet services;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
ISSN :
1063-9527
Print_ISBN :
0-7695-1828-1
Type :
conf
DOI :
10.1109/CSAC.2002.1176307
Filename :
1176307