Abstract
Role-based access control (RBAC) and activity-based access control (ABAC) models are well known and recognized as good security models for enterprise environments. (The ABAC model is represented as a ‘workflow’.) However, these models have some limitations when applied to enterprise environments. Furthermore, enterprise environments need to apply both the RBAC and ABAC models.
In this paper we propose an integration model of RBAC and ABAC. To this end, we describe the basic concepts and limitations of the RBAC and ABAC models, and we introduce the concept of classifications for tasks. We use the task as the means of connecting the RBAC and ABAC models. We also discuss the effect of the new integration model.
Copyright information
© 2002 Kluwer Academic Publishers
About this chapter
Cite this chapter
Oh, S., Park, S. (2002). An Integration Model of Role-Based Access Control and Activity-Based Access Control Using Task. In: Thuraisingham, B., van de Riet, R., Dittrich, K.R., Tari, Z. (eds) Data and Application Security. IFIP International Federation for Information Processing, vol 73. Springer, Boston, MA. https://doi.org/10.1007/0-306-47008-X_32
DOI: https://doi.org/10.1007/0-306-47008-X_32
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7514-2
Online ISBN: 978-0-306-47008-0
eBook Packages: Springer Book Archive