RB-RBAC versus the RBAC Model

Section 4.2 in this article describes the rule-based RBAC (RB-RBAC) model. This model is an extension of the RBAC model, but is not identical to it. How does it differ from the RBAC model?

Al-Kahtani and Sandhu introduced an extended RBAC approach based on rules, called rule-based RBAC (RB-RBAC). In this approach, users are dynamically assigned to roles based on a finite set of assignment rules derived from the security policy. These rules take the attributes of users into consideration as contextual information. Similarly, Kern and Walhorn adopted the RBAC approach and proposed a rule-based provisioning system for it, based on a limited set of user attributes as contextual information. Both approaches are limited in that they consider only user-centric contextual information as policy constraints.
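The difference in user-role assignment can be shown in a few lines. This is an added example, not code from the article or from the cited authors; the attribute names (`dept`, `licence`), the roles, the permissions and the rules are constructed for illustration.

```python
# Added illustration: static RBAC vs rule-based (RB-RBAC) user-role assignment.
# Attribute names, roles, permissions and rules are constructed for this example.
from dataclasses import dataclass
from typing import Callable

ROLE_PERMS = {  # role-permission assignment, identical in both models
    "nurse": {"read_vitals"},
    "physician": {"read_vitals", "write_prescription"},
}

# Plain RBAC: an administrator maintains the user-role table by hand.
STATIC_USER_ROLES = {"alice": {"physician"}, "bob": {"nurse"}}

@dataclass(frozen=True)
class Rule:
    """Assignment rule: a user whose attributes satisfy `condition` gets `role`."""
    role: str
    condition: Callable[[dict], bool]

# RB-RBAC: a finite rule set derived from the security policy.
RULES = [
    Rule("nurse", lambda a: a.get("dept") == "clinical"
         and a.get("licence") in {"RN", "MD"}),
    Rule("physician", lambda a: a.get("dept") == "clinical"
         and a.get("licence") == "MD"),
]

def rbac_roles(user: str) -> set:
    """Static lookup: a user nobody enrolled has no roles."""
    return set(STATIC_USER_ROLES.get(user, set()))

def rb_rbac_roles(attrs: dict) -> set:
    """Roles are computed from user attributes on each call; no per-user table."""
    return {r.role for r in RULES if r.condition(attrs)}

def permitted(roles: set, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(r, set()) for r in roles)

if __name__ == "__main__":
    carol = {"dept": "clinical", "licence": "RN"}
    print("RBAC:", rbac_roles("carol"), "RB-RBAC:", rb_rbac_roles(carol))
    carol["licence"] = "MD"  # attribute changes, role assignment follows
    print("after licence change:", rb_rbac_roles(carol))
    # The rules read user attributes only, so environment context such as a
    # request time has no effect: the user-centric limitation noted above.
    print("at 03:00:", rb_rbac_roles({**carol, "request_time": "03:00"}))
```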

Later, Zheng et al. proposed a dynamic role-based access control (DRBAC) approach, which incorporates the required credentials of users as contextual information when making user-role and role-permission assignments. The DRBAC approach extends the basic RBAC approach and dynamically grants and adapts permissions to users according to their contexts.

In 2012, Kayes et al. proposed a basic Context-Aware role-based Access Control (CAAC) framework for dynamic centralized network environments that are based on semantic technologies; the same authors later extended the initial CAAC policy model by incorporating a wide range of contextual conditions. Recently, Kayes et al. introduced a context-aware RBAC policy model for data and information resources. The dynamically changing contextual conditions (or contexts) constitute what is widely known as contextual information. According to context-sensitive access control research, there are three groups of contextual conditions: user-centric, resource-centric, and environment-centric information (e.g., patients' profiles, users' locations, users' request times). For instance, the interpersonal relationship between two users can be seen as user-centric contextual information.

