Homonymous role in role-based discretionary access control

Xiaowen Chu, Kai Ouyang, Hsiao-Hwa Chen, Jiangchuan Liu, Yixin Jiang

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

The access control model is a core aspect of trusted information systems. Based on the role-based access control (RBAC) model, we put forward the concept of the homonymous role, which extends the role control categories in RBAC, balances control granularity against storage space requirements, and enforces fine-grained access control. Instead of the traditional global access control policies (GACP), we propose the homonymous control domain (HCD) mechanism to enable the coexistence of multiple types of access control policies in a single system, thereby improving control granularity and flexibility. The HCD mechanism facilitates discretionary support of independent access control policies for its homonymous user. The HCD mechanism and the traditional access control mechanism can be linked to construct a two-layer access control policy mechanism for a system. Notably, we also consider the temporal characteristic in HCD, which is a critical feature of modern access control models. Furthermore, we analyze the conflicts between the HCD and GACP mechanisms. Finally, we design and implement our HCD on FreeBSD to demonstrate the advantages of the two-layer access control mechanism.

Original language: English
Pages (from-to): 1287-1300
Number of pages: 14
Journal: Wireless Communications and Mobile Computing
Volume: 9
Issue number: 9
DOI: 10.1002/wcm.700
Publication status: Published - 2009 Sep 1

Fingerprint

Access control
Information systems

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Chu, Xiaowen ; Ouyang, Kai ; Chen, Hsiao-Hwa ; Liu, Jiangchuan ; Jiang, Yixin. / Homonymous role in role-based discretionary access control. In: Wireless Communications and Mobile Computing. 2009 ; Vol. 9, No. 9. pp. 1287-1300.
@article{718817b0605947ce9b9cd72bbbe5b7d5,
title = "Homonymous role in role-based discretionary access control",
author = "Xiaowen Chu and Kai Ouyang and Hsiao-Hwa Chen and Jiangchuan Liu and Yixin Jiang",
year = "2009",
month = "9",
day = "1",
doi = "10.1002/wcm.700",
language = "English",
volume = "9",
pages = "1287--1300",
journal = "Wireless Communications and Mobile Computing",
issn = "1530-8669",
publisher = "John Wiley and Sons Ltd",
number = "9",

}
