A tutorial task and tertiary courseware model for collaborative learning communities

RAED provides a computerised infrastructure to support the development and administration of Vicarious Learning in collaborative learning communities spread across multiple universities and workplaces. The system is based on the OASIS middleware for Role-based Access Control. This paper describes the origins of the model and the approach to implementation and outlines some of its benefits to collaborative teachers and learners

An Administrative Model for Role-Based Access Control Using Hierarchical Namespace

Access Control is an important mechanism of information security. Role-Based Access Control is a famous access control approach with good flexibility. RBAC96 and ARBAC97 are classical RBAC models. The ARBAC97 model facilitates decentralized administration of RBAC. However, ARBAC97 has some shortcomings in the case of being used in an organization with autonomous subsidiaries. The member of an administrative role can operate directly in the role range of a junior administrative role, which violates the autonomy of subsidiaries. We propose a new model named N-RBAC to overcome this weakness. In NRBAC, roles are arranged according to a hierarchical namespace structure. Thus the role hierarchy is constructed in a local space instead of in a global space. The N-RBAC model does a better work in decentralized role administration in those organizations composed of autonomous subsidiaries

Securing Controls Middleware of the Large Hadron Collider

The distributed control system of the Large Hadron Collider (LHC) presents many challenges due to its inherent heterogeneity and highly dynamic nature. One critical challenge is providing access control guarantees within the middleware. Role-based access control (RBAC) is a good candidate to provide access control. However, in an equipment control system transactions are often dependent on user context and device context. Unfortunately, classic RBAC cannot be used to handle the above requirements. In this paper we present an extended role-based access control model called CMW-RBAC. This new model incorporates the advantages of role-based permission administration together with a fine-grained control of dynamic context attributes. We also propose a new technique called dynamic authorization that allows phased introduction of access control in large distributed systems. This paper also describes motivation of the project, requirements, and overview of its main components: authentication and authorization

SoNeUCONADM: the administrative model for SoNeUCONABC usage control model

The popularity of Web Based Social Networks (WBSNs) encourages their enhancement. Many WBSN data is considered personal data and access control management plays a key role in this regard. The point is not only to manage access control but to determine how administration should be performed. Based on SoNeUCONABC, an expressive usage control model that allows fine-grained access control management, this paper presents SoNeUCONADM, the complementary administrative model. Based on a pair of related and popular administrative models, the evaluation proves the completeness of SoNeUCONADM

Administration of access control in information systems using URBAC model

Since the value of information is constantly growing more and more businesses are in need for information system to aid them with information gathering and processing. The most important issue that arises here is how to ensure safety of this data that may be held on servers, personal computers or PDAs. This is where access control comes in. The main role of access control is to ensure that no unauthorized user will be able to gain access to resources and be able to copy or modify them. The paper deals with the process of access control administration in information systems with the use of usage role-based control approach. The presented process is based on the role engineering concept that includes the creation of security schema of access control divided between two actors - application/system developer and security administrator. They realize their tasks during two main phases that allow to define the complete access control schema for information systems of an organization

Policy analysis for self-administrated role-based access control

Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies

A Distributed Calculus for Role-Based Access Control

Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the ‘minimal’ policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior