Abstract
A successful marriage of Web and RBAC technology can support effective enterprise-wide security in large-scale systems. But RBAC has a role hierarchy concept that senior role inherits all permissions of junior roles. In the corporate environments, senior role need not have all authority of junior roles, and unconditional inheritance in role hierarchy causes undesirable side effects(permission abuse) and violates the principle of least privilege. In this paper1, we re-explore role and permission inheritance and propose a new model providing restricted permission inheritance. To do this, we divide a single role into sub-roles(Corporate/Department Common role, Restricted Inheritance role, Private Role) based on the degree of inheritance and business characteristics and make role hierarchy with sub-roles. It is very useful to solve unconditional inheritance problem in a corporate environment. And we describe formal description of proposed model. Lastly, we show a system architecture applying RBAC with proposed model within a corporate web environment.
This research was supported by University IT Research Center Project
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
David F. Ferraiolo, John F. Barkley, and D. Ricard Kuhn: A Role-Based Access Control Model and Reference Implementation With a Corporate Intranet. ACM Transactions on Information and System Security, Vol 2, No. 1 (1999) 34–64
Joon S. Park, Ravi Sandhu: RBAC on the Web by Smart Certificates, Proceedings of the fourth ACM workshop on RBAC(1999) 1–9
Zahir Tari, Shun-Wu Chan: A Role-Based Access Control For Internet Security. IEEE Internet Computing(1997) 24–34
MyongJae Kim, YongHoon Yi, HyungHyo Lee and BongNam Noh: A Design Methodology of Role Hierarchies providing Restricted Permission Inheritance. Proceeding of Conference on Information Security and Cryptology, Korea institute of Information Security & Cryptology (2002) 326–329
Sejong Oh, Seog Park: Task-Role Based Access Control(T-RBAC): An Improved Access Control Model for Enterprise Environment. DEXA2000(2000)
Ravi S. Sandhu: Role-Based Access Control Models IEEE Computer, Feb(1996)
Joon S. Park, Ravi Sandhu, and SreeLatha Ghanta: RBAC on the Web by secure cookies. In Proceedings of the IFIP WG11.3 Workshop on Database Security(1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yi, Y., Kim, M., Lee, Y., Lee, H., Noh, B. (2003). Applying RBAC Providing Restricted Permission Inheritance to a Corporate Web Environment. In: Zhou, X., Orlowska, M.E., Zhang, Y. (eds) Web Technologies and Applications. APWeb 2003. Lecture Notes in Computer Science, vol 2642. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36901-5_29
Download citation
DOI: https://doi.org/10.1007/3-540-36901-5_29
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-02354-8
Online ISBN: 978-3-540-36901-1
eBook Packages: Springer Book Archive