Journal of Information Science and Engineering, Vol.18 No.6, pp.871-889 (November 2002)


Designing a Complete Model of Role-based Access Control System for Distributed Networks

Chang N. Zhang and Cungang Yang
Department of Computer Science
University of Regina, TRLabs
Regina, Saskatchewan, S4S 0A2, Canada
E-mail: zhang@cs.uregina.ca
E-mail: cungang@cs.uregina.ca

In distributed computing environments, users like to share resources and communicate with each other in order to perform their jobs more efficiently. It is important to protect resources and information from unexpected use by unauthorized users. Therefore, in the past few years there has been a strong demand for access control of distributed shared resources. Role-Based Access Control (RBAC) has been introduced and has offered a powerful means of specifying access control decisions. In this paper, we propose an object-oriented RBAC model for distributed systems (ORBAC) to efficiently represent the real world. Moreover, under the decentralized management architecture, an ORBAC implementation of the model has been extended to realize multiple domain access control. Finally, an automatic intelligent role assignment backtracking algorithm is presented. The computational complexity of the algorithm is O(N), where N is the number of roles in the authorized role set of a user.

Keywords: ORBAC, separation of duties, least privilege, constraint, public/private key, multi-domain access control, credential

Received August 30, 2001; accepted April 15, 2002.
Communicated by Jang-Ping Sheu, Makoto Takizawa and Myongsoon Park.