Role And Task Based Access Control Model

Content:The need for controlled sharing of information and other resources among multiple users has led to the development of access control models. Access control models provide a form and framework for specifying, analyzing and implementing security policies in multi-user systems. The models should be flexible enough to accommodate diverse security policies easily. Numerous access control models have been presented. Some are defined in terms of well known abstractions of subjects, objects and access rights; and others in terms of roles, permissions and users. The important issues concerned with access control models are flexibility, policy neutrality, and simplicity of administration. Role-Based Access Control is a flexible and policy-neutral access control technology, so it has recently been paid considerable attention to. Several models of RBAC have been presented, but they were not complete. This paper is to do research on role-based security model. An improved Role-Based Access Control model is presented.Task-Based Access Control model is well suited for distributed computing and information processing activities with multiple points of access, control, and making decision such as that found in workflow and distributed process and transaction management systems. In this paper, conception of role is introduced into Task-Based Access Control model, and an improved Task-Based Access Control model(TRBAC) is proposed.Three parts are included in this paper.Firstly, an improved Role-Based Access Control model is presented.Secondly, a prototype of access control system is designed and implemented according to the improved Role-Based Access Control model .Finally, conception of role is introduced into Task-Based Access Control model, and an improved Task-Based Access Control model(TRBAC) is presented.The contributions of this paper are as follows.Firstly, for private privileges, depth of propagation is introduced to specify depth of the privilege propagation along entity hierarchies. Role privileges are divided into public privileges and private privileges, the parent role inherits public privileges from child role, but can not inherit private privileges from child role.Secondly, for simplicity of administration, hierarchies and inheritanceare introduced into object and operation.Thirdly, an Role-based Constraints Language (TRCL) which can be used to specify time constraints is presented. The expressive power of TRCL can be enhanced by user-defined predicates, and all most Role-based constraints can be conveniently formulated in TRCL.Fourthly, a prototype of access control system is designed and implemented according to the improved Role-Based Access Control model.Finally, conception of role is introduced into Task-Based Access Control model, and an improved Task-Based Access Control model (TRBAC) is presented.