CSE Publications - Report Abstract

CSE-2004-2

Title : A FRAMEWORK FOR SUPPORTING AND ENFORCING RBAC AND ITS EXTENSIONS IN A SEAMLESS MANNER

Type : Technical Report

Author(s) : Raman Adaikkalavan and Sharma Chakravarthy

Abstract : Role-Based Access Control (RBAC) has proven to be a cost-effective as well as practical solution for authorization management in large enterprises. In the recent past, RBAC has been widely explored and there have been several extensions to it. Current systems do not enforce standard RBAC features and its extensions in a seamless way, which is essential to make RBAC even better suited for a wide range of applications. In this paper, we propose an Event-Driven RBAC (ED-RBAC) framework that uses Event-Condition-Action (ECA) rules for enforcing standard RBAC features and its extensions, such as the Generalized Temporal RBAC (GTRBAC), in a seamless way. Unlike other models, where authorization rules are defined by the enterprise, in our framework authorization rules are generated automatically from the enterprise security policy and are used for dynamic user-role assignment, seamless enforcement of diverse constraints, role deactivations, and so on. Automatic generation of authorization rules is indispensable, since thousands of rules are required for authorization management when there are hundreds of roles. In addition, the specification of conditions/constraints has been generalized so that this approach can support current and future extensions.
