Roles Generation for Applications in RBAC Model-Reference-Cited by-同舟云学术

Roles Generation for Applications in RBAC Model

Published:2013-09 Issue: Volume:411-414 Page:35-39
ISSN:1662-7482
Container-title:Applied Mechanics and Materials
language:
Short-container-title:AMM

Author:

Tian Wan Li¹,Liu Lian Zhong¹,Liu Meng¹

Affiliation:

1. Beihang University

Abstract

RBAC has been widely used for the reason of its efficiency, convenience and safety. But as the traditional user-oriented access control strategy, the RBAC carries the disadvantage of user-oriented access control as well. It always assumes that the application is credible and the behavior of the program represents the wishes of the user. However, this assumption is increasingly proving to be false and numbers of prevalent types of security attacks leverage this weakness to misuse the authority of users. Based on RBAC and learn from the concept of FBAC, this paper will proposed a solution about generating roles for application.

Publisher

Trans Tech Publications, Ltd.

Link

https://www.scientific.net/AMM.411-414.35.pdf

Reference8 articles.

1. Sandhu R S. Role-based access control[J]. Advances in computers, 1998, 46: 237-286.

2. Cliffe Schreuders Z, McGill T, Payne C. The State of the Art of Application Restrictions and Sandboxes: A Survey of Application-oriented Access Controls and their Shortfalls[J]. Computers & Security, (2012).

3. Dhamankar R, Dausin M, Eisenbarth M, et al. SANS[R]. Technical Report: " The Top Cyber Security Risks, (2009).

4. Liang B, Liu H, Shi W, et al. Enforcing the principle of least privilege with a state-based privilege control model[M]/Information Security Practice and Experience. Springer Berlin Heidelberg, 2005: 109-120.

5. Schreuders Z C, Payne C. Reusability of functionality-based application confinement policy abstractions[M]/Information and Communications Security. Springer Berlin Heidelberg, 2008: 206-221.