Resolving Information Flow Conflicts in RBAC Systems

نویسندگان

  • Noa Tuval
  • Ehud Gudes
چکیده

Recently, Role Based Access Control (RBAC) model has taken place as a promising alternative to the conventional access control models, MAC and DAC. RBAC is more general than those traditional models as was shown by Osborn et al. [17], however, mapping a role based system to a valid MAC configuration is not always possible because certain combinations of permissions that are included in a role’s effective privileges may cause information flow. Given a role-based graph where role’s permissions refer to labeled data objects, Osborn et al. showed how to find conflicts that are resulted from information flow, but they have not suggested a solution for these conflicts and they have not handled user-role assignments, for the solved scheme. In this paper, we assume a more general model of permissions conflicts than MAC. We introduce an algorithm that handles information flow conflicts in a given role-based graph, corrects the Role-based graph if needed, and proposes a consistent users-roles assignment. As RBAC and information flow are becoming extremely important in Web based information systems, this algorithm becomes very relevant.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...

متن کامل

UNSPECIFIED Multi-session Separation of Duties (MSoD) for RBAC

Separation of duties (SoD) is a key security requirement for many business and information systems. Role Based Access Controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynami...

متن کامل

Resolving Student-Parents Conflicts through the Improvement of Moral and Spiritual Intelligence

Resolving conflicts between students and their parents could lead to improvements in academic achievement. As a result, ways of helping with such an outcome are of significance. It can be hypothesized that improvements in moral and spiritual intelligence could lead to such resolutions. To explore this relationship, from among 450 high school students selected randomly, a group of 90 students wi...

متن کامل

A Cross - Domain Role Mapping and Authorization Framework for RBAC in Grid Systems

Highly computational resource sharing environments like grids pose major security issues. Secure interoperability has been a growing concern for such multi domain computing systems. Collaboration in such a diverse environment requires integration of all local policies to compose a global access control policy for controlling information and resource. Access control in such an environment is sti...

متن کامل

Identifying and Resolving Conflicts among Agents with Hierarchical Plans

Agents can use negotiation techniques to resolve conflicts over limited resources so that they can achieve their goals. The individual plans of agents provide the necessary information for discovering and resolving such conflicts. Conflicts can be avoided by reducing or eliminating interactions by localizing plan effects to particular agents and by merging/coordinating the individual plans of a...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006