RABAC: Role-Centric Attribute-Based Access Control

Jin, Xin; Sandhu, Ravi; Krishnan, Ram

doi:10.1007/978-3-642-33704-8_8

Cited by 81 publications

(45 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In RBAC, one can simply map roles from one domain to another (the role is a fixed single attribute and role name is the attribute value). Some research works consider mixed models to take advantage of both [27].…”

Section: Pbac Performance Overheadmentioning

confidence: 99%

Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems

She

Zhu

Yen

et al. 2016

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

In multi-domain service-based systems, services from different domains are composed together to accomplish critical tasks. In these systems, data flow from one domain to another through the composed services. Thus, security and trustworthiness are the major concerns. Many access control models have been developed for service-based systems. Also, many data provenance schemes have been proposed in recent years to support data quality assessment and enhancement, data reproduction, etc. However, none of the existing mechanisms consider both access control and data provenance in a integrated model. In this paper, we propose an integrated role-based access control and data provenance model to secure the cross-domain interactions. We develop a role-based data provenance scheme which tracks the roles of originators/contributors of a data object and uses this information to help evaluate data trustworthiness. We also make use of the data provenance information and the derived data quality attributes to assist with cross domain access and information flow control. This integrated model mutually enhances data provenance and access control, providing better security and trustworthiness for many multi-domain service-based applications.

show abstract

Section: Pbac Performance Overheadmentioning

confidence: 99%

Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems

She

Zhu

Yen

et al. 2016

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

show abstract

“…Also, Al-Kahtani et al [11] proposed a model to dynamically assign users to roles using attribute based rules. Further, Jin et al [9] proposed RABAC: Role-centric Attribute based Access Control where they extend RBAC with user and object attributes and also add a Permission Filtering Policy (PFP) to their model. All these focus on extending RBAC rather than using the basic RBAC that is available in most commercial implementations today.…”

Section: Related Workmentioning

confidence: 99%

Enabling the Deployment of ABAC Policies in RBAC Systems

Batra

Atluri

Vaidya

et al. 2018

Data and Applications Security and Privacy XXXII

View full text Add to dashboard Cite

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

show abstract

“…Role‐centric, attribute‐centric and dynamic‐roles are three prominent combination strategies among others . Based on these combination strategies, Jin et al proposed a Role‐centric attribute‐based access control (RABAC) model, claiming it to be the first ever model representing role‐centric access control based on the combination of RBAC and ABAC .…”

Section: Related Workmentioning

confidence: 99%

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Fatima

Ghazi

Shibli

et al. 2016

Security Comm. Networks

View full text Add to dashboard Cite

Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of Attributes-based access control (ABAC) versus Role-based access control (RBAC). However, existing arguments have been primarily focused on the complexity analysis of the two models instead of their comprehensive need analysis. On the contrary, the success and evolution of RBAC as a de-facto access control model is based on the thorough need analysis of using roles as a primary decision factor for controlling access. Analogously, we need to consider the application areas for comparing the use of role-based and attribute-based approach. In this regard, our work aims to bridge the gap between the RBAC and the ABAC proponents by convincing the RBAC supporters of the effectiveness of ABAC. We identify various inherent traits of RBAC which have eventually become its limitations in addressing future access control needs for providing flexible, fine-grained, multifactor, and anonymous authorization in dynamically changing and context sensitive environments. These limitations are usually addressed either through extended RBAC models or ABAC model. We analyze the two approaches with respect to their effectiveness in overcoming the identified limitations and draw the conclusion that the attribute-centric approach is the ultimate future of access control.

show abstract

RABAC: Role-Centric Attribute-Based Access Control

Cited by 81 publications

References 19 publications

Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems

Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems

Enabling the Deployment of ABAC Policies in RBAC Systems

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Contact Info

Product

Resources

About