Abstract
The authors propose a business-oriented approach to support accurate and dynamic user-role assignments for the Role Based Access Control (RBAC) model. Their model, called Business-Driven Role Based Access Control (BD-RBAC), is composed of three layers. The first layer extends the RBAC model with the concepts of business roles, system roles, credentials, and users’ capabilities. The second layer dynamically assigns users to business and system roles, and filters outdated (abnormal) user-role assignments. The third layer supports exception handling and partial authorization. The novel aspect of the work is the adaptation of RBAC-based access control systems to changes in organizational needs, while reducing the burden of security administration. To this end, the authors have developed (1) a series of algorithms to compute internal and external user-role assignments based on organizational policies, users’ requests and capabilities, (2) and shown that their outputs are permissible, i.e., a legitimate user is authorized to activate the role, complete, i.e., a legitimate user can activate the roles necessary to perform all the requested tasks, and minimal, i.e., a legitimate user does not receive any non-authorized or not-needed privileges.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Information Security and Privacy
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
