TY - JOUR
T1 - Homonymous role in role-based discretionary access control
AU - Chu, Xiaowen
AU - Ouyang, Kai
AU - Chen, Hsiao Hwa
AU - Liu, Jiangchuan
AU - Jiang, Yixin
N1 - Copyright 2009 Elsevier B.V., All rights reserved.
PY - 2009/9
Y1 - 2009/9
N2 - The access control model is a core aspect of trusted information systems. Based on the role based access control (RBAC) model, we put forward the concept of the homonymous role, which extends the role control categories in RBAC, balances the control granularity and the storage space requirements, and executes the fine-grained access control. Instead of the traditional global access control policies (GACP), we propose the homonymous control domain (HCD) mechanism to enable the coexistence of multiple types of access control policies in a single system, thereby improving the control granularity and flexibility. The HCD mechanism facilitates the discretionary supporting of independent access control policies for its homonymous user. The HCD mechanism and the traditional access control mechanism can be linked to construct a two-layer access control policy mechanism for a system. Notably, we also consider the temporal characteristic in HCD, which is a critical feature of modern access control models. Furthermore, we analyze the conflicts between the HCD and GACP mechanisms. Finally, we design and implement our HCD on FreeBSD to demonstrate the advantages of the two-layer access control mechanism.
KW - Discretionary access control
KW - Homonymous role
KW - Role based access control
UR - http://www.scopus.com/inward/record.url?scp=69049105585&partnerID=8YFLogxK
U2 - 10.1002/wcm.700
DO - 10.1002/wcm.700
M3 - Journal article
AN - SCOPUS:69049105585
SN - 1530-8669
VL - 9
SP - 1287
EP - 1300
JO - Wireless Communications and Mobile Computing
JF - Wireless Communications and Mobile Computing
IS - 9
ER -