Mundbrod, Nicolas and Reichert, Manfred (2019) Object-specific Role-based Access Control. International Journal of Cooperative Information Systems, 28 (1). 1950003:1-1950003:30. ISSN 0218-8430
Abstract
The proper management of privacy and security constraints in information systems in general, and access control in particular, constitutes a tremendous, but still prevalent challenge. Role-based access control (RBAC) and its variations can be considered the widely adopted approach to realize authorization in information systems. However, RBAC lacks proper object-specific support, which prevents establishing the fine-grained access control required in many domains. By comparison, attribute-based access control (ABAC) enables fine-grained access control based on policies and rules evaluating attributes. As a drawback, ABAC lacks the abstraction of roles. Moreover, it is challenging to engineer and to audit the granted privileges encoded in rule-based policies. This paper presents the generic approach of object-specific role-based access control (ORAC). On the one hand, ORAC enables information system engineers, administrators and users to utilize the well-known principle of roles. On the other hand, ORAC allows realizing the access to objects in a fine-grained way where required. The approach was systematically established according to well-elicited key requirements for fine-grained access control in information systems. For the purpose of evaluation, the approach was applied to real-world scenarios and implemented in a proof-of-concept prototype demonstrating its feasibility and applicability.
| Item Type: | Article |
|---|---|
| Subjects: | DBIS Research > Publications |
| Divisions: | Faculty of Engineering, Electronics and Computer Science > Institute of Databases and Information Systems > DBIS Research and Teaching > DBIS Research > Publications |
| Depositing User: | Nicolas Mundbrod |
| Date Deposited: | 28 Mar 2019 17:12 |
| Last Modified: | 12 Mar 2020 18:26 |
| URI: | http://dbis.eprints.uni-ulm.de/id/eprint/1743 |