{"title":"基于关系和基于角色的访问控制的互操作性","authors":"Syed Zain R. Rizvi, Philip W. L. Fong","doi":"10.1145/2857705.2857706","DOIUrl":null,"url":null,"abstract":"Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose, application-layer access control paradigm, such that authorization decisions are based on the relationship between the access requestor and the resource owner. A first, large-scale implementation of ReBAC in an open-source medical records system was recently attempted by Rizvi et al. In this work, we extend the ReBAC model of Rizvi et al. to support fine-grained interoperability between the ReBAC model and legacy Role-Based Access Control (RBAC) models. This is achieved by the introduction of the notion of demarcations as well as an authorization-time constraint system. Also presented are the design of two authorization algorithms (one of which has an algorithmic structure akin to an SMT solver), their optimization via memoization, and the empirical evaluation of their performances.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Interoperability of Relationship- and Role-Based Access Control\",\"authors\":\"Syed Zain R. Rizvi, Philip W. L. Fong\",\"doi\":\"10.1145/2857705.2857706\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose, application-layer access control paradigm, such that authorization decisions are based on the relationship between the access requestor and the resource owner. A first, large-scale implementation of ReBAC in an open-source medical records system was recently attempted by Rizvi et al. In this work, we extend the ReBAC model of Rizvi et al. to support fine-grained interoperability between the ReBAC model and legacy Role-Based Access Control (RBAC) models. This is achieved by the introduction of the notion of demarcations as well as an authorization-time constraint system. Also presented are the design of two authorization algorithms (one of which has an algorithmic structure akin to an SMT solver), their optimization via memoization, and the empirical evaluation of their performances.\",\"PeriodicalId\":377412,\"journal\":{\"name\":\"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-03-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2857705.2857706\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2857705.2857706","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Interoperability of Relationship- and Role-Based Access Control
Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose, application-layer access control paradigm, such that authorization decisions are based on the relationship between the access requestor and the resource owner. A first, large-scale implementation of ReBAC in an open-source medical records system was recently attempted by Rizvi et al. In this work, we extend the ReBAC model of Rizvi et al. to support fine-grained interoperability between the ReBAC model and legacy Role-Based Access Control (RBAC) models. This is achieved by the introduction of the notion of demarcations as well as an authorization-time constraint system. Also presented are the design of two authorization algorithms (one of which has an algorithmic structure akin to an SMT solver), their optimization via memoization, and the empirical evaluation of their performances.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
