Object-specific Role-based Access Control

Mundbrod, Nicolas and Reichert, Manfred (2019) Object-specific Role-based Access Control. International Journal of Cooperative Information Systems, 28 (1). 1950003:1-1950003:30. ISSN 0218-8430


Official URL: https://www.worldscientific.com/loi/ijcis


The proper management of privacy and security constraints in information systems in general and access control in particular constitutes a tremendous, but still prevalent challenge. Role-based access control (RBAC) and its variations can be considered as the widely adopted approach to realize authorization in information systems. However, RBAC lacks proper object-specific support, which disallows establishing the fine-grained access control required in many domains. By comparison, attribute-based access control (ABAC) enables a fine-grained access control based on policies and rules evaluating attributes. As a drawback, ABAC lacks the abstraction of roles. Moreover, it is challenging to engineer and to audit the granted privileges encoded in rule-based policies. This paper presents the generic approach of object-specific role-based access control (ORAC). On the one hand, ORAC enables information system engineers, administrators and users to utilize the well-known principle of roles. On the other, ORAC allows realizing the access to objects in a fine-grained way where required. The approach was systematically established according to well-elicited key requirements for fine-grained access control in information systems. For the purpose of evaluation, the approach was applied to real-world scenarios and implemented in a proof-of-concept prototype demonstrating its feasibility and applicability.

Item Type: Article
Subjects: DBIS Research > Publications
ID Code: 1743
Deposited By: Nicolas Mundbrod
Deposited On: 28 Mar 2019 17:12
Last Modified: 12 Mar 2020 18:26
