A Fuzzy RBAC Model Described by XML-Graph

Due to the rapid increasing of system users, it is becoming a tiresome task for the administrator to assign roles and maintain permissions in traditional RBAC model. In order to simplify the administrator´s work and standardize security strategy, human´s fuzzy decision-making capability is required. In this paper, an optimized RBAC model based on fuzzy theory is proposed. Bitmap matrix is used for computing role´s trustworthiness(RT); Variance is applied to adjust attribute weight vector to improve max-min operation´s limitation; Similar users are clustered to share group experience to improve the accuracy of the model; Historical and mutually exclusive permission table for each user is enforced to implement fuzzy RBAC model with separation of duty constraint. Experimental results demonstrate that the optimized model has greater accuracy and avoids the invalidation under special conditions. Additionally, aiming at the limitation of role inheritance and constraint in traditional XML-described RBAC model, a new XML-graph method is introduced. In this method, multi-inheritance is implemented by referencing attributes and private permission is protected by private inheritance. Using XML-graph to describe the improved fuzzy RBAC model, access control strategy can be easily deployed in different systems and the model´s application range is largely expanded.