Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two mode...

In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience. In this paper we introduce a role-based administrative...

In this paper, we show how to model UNIX file access using a rolebased approach. A role-based access control model is presented, and its use in reflecting the existing permissions in a UNIX environment is described.

American and European Legislation for protection of medical data agree that the patient has the right to play a pivotal role in the decisions regarding the content and distribution of her/his medical records. The Role Based Access Control (RBAC) model is the most commonly used authorization model in healthcare. The first goal of this work is to review if existing models and standards provide fo...

In large enterprises subject to constant employee turnover and challenging security policies, the administration of Role-based Access Control (RBAC) is a daunting task that is often highly centralized in a small team of security administrators. The aim of this work is to determine why existing models for Administrative Role-based Access Control (ARBAC) have failed to achieve success and thus mo...

GENERALIZATION AND ENFORCEMENT OF ROLE-BASED ACCESS CONTROL USING A NOVEL EVENT-BASED APPROACH