Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629439
R. Adaikkalavan , Dept. of Comput. Sci. Eng., Texas Univ., Arlington, TX, USA
S. Chakravarthy , Dept. of Comput. Sci. Eng., Texas Univ., Arlington, TX, USA
In role-based access control (RBAC), users and objects are assigned to one or more roles. Users should be active in the role that has the required permissions before access is granted. Thus, users should be aware of the role-permission assignments for activating the required roles. In general, with respect to role activations, current systems follow the human-active, system-passive model. Users often get swamped with role activations due to numerous factors that include increase in the number of objects, multiple role assignments, and shifting roles often, and lean toward activating all the assigned roles violating the principle of least privilege (PLP). In this paper, we introduce smartaccess, a system based on the system-active, human-passive model that allows users to concentrate on what objects they need, rather than what role should be activated in order to carry on their work efficiently. Furthermore, it provides access control by preserving the PLP and without any information leak. We provide algorithms for discovering roles and analyze various associated factors.
human-passive model, discovery-based role activation, role-based access control, RBAC, role-permission assignment, smartaccess system, system-active model
R. Adaikkalavan and S. Chakravarthy, "Discovery-based role activations in role-based access control," Performance, Computing, and Communications Conference, 2002. 21st IEEE International(PCC), Phoenix, AZ, USA, 2006, pp. 61.