Resolving Information Flow Conflicts in RBAC Systems
نویسندگان
چکیده
Recently, Role Based Access Control (RBAC) model has taken place as a promising alternative to the conventional access control models, MAC and DAC. RBAC is more general than those traditional models as was shown by Osborn et al. [17], however, mapping a role based system to a valid MAC configuration is not always possible because certain combinations of permissions that are included in a role’s effective privileges may cause information flow. Given a role-based graph where role’s permissions refer to labeled data objects, Osborn et al. showed how to find conflicts that are resulted from information flow, but they have not suggested a solution for these conflicts and they have not handled user-role assignments, for the solved scheme. In this paper, we assume a more general model of permissions conflicts than MAC. We introduce an algorithm that handles information flow conflicts in a given role-based graph, corrects the Role-based graph if needed, and proposes a consistent users-roles assignment. As RBAC and information flow are becoming extremely important in Web based information systems, this algorithm becomes very relevant.
منابع مشابه
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملUNSPECIFIED Multi-session Separation of Duties (MSoD) for RBAC
Separation of duties (SoD) is a key security requirement for many business and information systems. Role Based Access Controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynami...
متن کاملResolving Student-Parents Conflicts through the Improvement of Moral and Spiritual Intelligence
Resolving conflicts between students and their parents could lead to improvements in academic achievement. As a result, ways of helping with such an outcome are of significance. It can be hypothesized that improvements in moral and spiritual intelligence could lead to such resolutions. To explore this relationship, from among 450 high school students selected randomly, a group of 90 students wi...
متن کاملA Cross - Domain Role Mapping and Authorization Framework for RBAC in Grid Systems
Highly computational resource sharing environments like grids pose major security issues. Secure interoperability has been a growing concern for such multi domain computing systems. Collaboration in such a diverse environment requires integration of all local policies to compose a global access control policy for controlling information and resource. Access control in such an environment is sti...
متن کاملIdentifying and Resolving Conflicts among Agents with Hierarchical Plans
Agents can use negotiation techniques to resolve conflicts over limited resources so that they can achieve their goals. The individual plans of agents provide the necessary information for discovering and resolving such conflicts. Conflicts can be avoided by reducing or eliminating interactions by localizing plan effects to particular agents and by merging/coordinating the individual plans of a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006