Applying role–based administration to role–based access control systems has gained some attention in recent literature. Scoped Administration for Role–Based Access Control (SARBAC) puts forward what is claimed to be a complete, versatile, and practical role–based administrative model. These attributes are deemed to be key for SARBAC’s dynamic, flexible nature. However, SARBAC shuns alternative ...

(ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates o...

In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, cal...

Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today’s organizations for enforcing security. For every model, it is necessary to analyze and prove that the corresponding system is secure. Such analysis helps understand the implications of ...

Today, many organizations generate large amount of data and have many users that need only partial access to resources at any time to collaborate in making critical decisions. Thus, there is a need for a scalable access control model that simplifies the management of security policies and handles the heterogeneity inherent in the information system. This paper proposes an ontology-based distrib...

The analysis of security policies designed for ICS and SCADA can benefit significantly from the adoption of automatic/semi-automatic software tools that are able to work at a global (system) level. This implies the availability of a suitable model of the system, which is able to combine the abstractions used in the definition of policies with the access control and right management mechanisms u...

For the Computer Supported Collaborative Design (CSCD) environment’s groups, dynamics and distribution characteristics, the paper proposes a Task & Role-Based access control model (T & RBAC) and makes the informal definition of the model. The T & RBAC model is based on the T-RBAC model, and extends the definition of the Users, Roles, Tasks, Permissions and the other factors. In the T&RBAC model...

Basic role based access control [RBAC] provides a mechanism for segregating access privileges based upon users' hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or ...

This document describes enhancements made to the popular OpenSSH authentication service to restrict the execution of OpenSSH processes by applying a ring-based program execution policy. We also apply a label-based mandatory access control (MAC) policy to limit a user’s login shell to run at a specific security level within the user’s authorized security clearance range. While still rudimentary,...