Title :
Planning user assignment in administrative role-based access control
Author :
Huang, Wei ; Yang, Yang
Author_Institution :
Sch. of Comput. Sci. & Eng., Wuhan Inst. of Technol., Wuhan, China
Abstract :
By introducing prerequisite conditions into the user-role assignment component (URA), administrative role-based access control model (ARBAC) has decentralized the user-role assignment without losing the centralized control on security policies. However, in a large-scale role-based access control (RBAC) system, employing the URA makes it very difficult to manually obtain a sequence of the administrative operators by which a given user can be assigned to a given role. We refer to this problem as the user assignment problem (UAP). We formalized the UAP and recognized the UAP as an exponential space complexity problem. We also presented a graph-based search technology to solve the UAP, which was shown to be practically feasible in large-scaled RBAC systems.
Keywords :
authorisation; computational complexity; graph theory; administrative role-based access control model; exponential space complexity problem; graph-based search technology; large-scale role-based access control system; planning user assignment problem; security policies; user-role assignment component; Access control; Centralized control; Communication system control; Engineering management; Financial management; Large-scale systems; Permission; Security; Space technology; Technology management; ARBAC; access control; exponential space complexity; user assignment problem;
Conference_Titel :
Computing, Communication, Control, and Management, 2009. CCCM 2009. ISECS International Colloquium on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-4247-8
DOI :
10.1109/CCCM.2009.5267501
