
RbAC 3rd Review

Role-based access control (RBAC) is a common security model that defines user permissions based on their assigned roles. However, administering large RBAC systems with hundreds of roles and thousands of users remains challenging. The document proposes a polynomial-time algorithm to simplify RBAC administration by reducing constraints and computing the maximum set of roles that can be assigned to each user. Key principles for RBAC include flexibility, scalability, and usability.

Uploaded by

Rebeckah Vimala
Copyright
© Attribution Non-Commercial (BY-NC)

ROLE BASED ACCESS CONTROL

Role-based access control (RBAC) has established itself as a solid base for today's security administration needs. However, the administration of large RBAC systems remains a challenging open problem. Large RBAC systems may have hundreds of roles and tens of thousands of users.

There are three principles for designing security mechanisms:


flexibility and scalability
psychological acceptability
economy of mechanism

We design administrative models for RBAC that have significant advantages over existing models.

Home Page

The home page might contain the page title, a login link, and a link to the home page. This module provides the authentication login page for security reasons.

A new user has to give the required details to create an account. The user gives a mobile number, and a verification code is sent to that number. The user has to enter that code into the registration form, after which the registration is completed.

[Flowchart: login and registration. Labels: USER, NEW USER (YES/NO), LOGIN, REGISTER, IS SUCCESS (YES/NO), PROGRAMMER, ADMIN, MANAGER, DB]

The employee web page contains the operations of the employee. It contains resources and day-to-day work; the resources contain the documents. The employee has to enter the day-to-day work and send it to the admin.

[Diagram: employee page. Labels: EMPLOYEE, LOGIN, OPERATIONS, TODAYS WORK, DOCS, EXIT, DB]

The manager web page contains resources and day-to-day work. The resources contain documents and projects. The manager also enters the day-to-day work and sends it to the admin.

[Diagram: manager page. Labels: MANAGER, OPERATIONS, RESOURCES, TODAYS WORK, E-MAIL, EXIT, DOCS, PROJECTS, DB, SMTP]

The admin has access to resources, email to employees, viewing employee work, and searching employee log details. These details are stored in the admin database when the user logs in. The resources contain documents, projects, and brochures. The email page is used to send email to an employee.

[Diagram: admin page. Labels: ADMIN OPERATIONS, MAIL, WORK DETAILS, RESOURCES, SEARCH, EXIT, SMTP, DB, PROJECT, DOCS, BROCHURE]

Real time polynomial algorithm

A polynomial-time algorithm that removes a number of constraints and simplifies RBAC administration.

The algorithm is used in the preprocessing procedure to reduce the size of the problem per user. For every user we compute the maximum set of roles that can be assigned to that user.

    Input (u, r): user name and user role
    Ru: initial registration database
    URQ: user role queue

    If (user in role exists in user register database) {
        User regdatabase: add record for registration
    }

    While (records are affected) do
        Display the roles, user details
        For every role in the user register database
            If (registered user is not in role) {
                Delete roles from database
                Flag set = true
            }
            End if
            Flag set = false
    End while
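The preprocessing step above, computing for every user the maximum set of assignable roles by repeating a pruning pass until nothing changes, can be sketched as follows. This is an added example, not code from the original slides. It assumes a user-role qualification relation and prerequisite-role constraints as the constraint type; the user names and the constraint table are constructed.

```python
# Constructed sample data (assumption): which roles each user is qualified for.
QUALIFIED = {
    "alice": {"employee", "manager", "admin"},
    "bob": {"employee", "admin"},
    "carol": {"manager"},
    "dave": {"manager", "admin"},
}
# Assumed constraint type: a role is assignable only if every one of its
# prerequisite roles is assignable to the same user.
PREREQUISITES = {"manager": {"employee"}, "admin": {"manager"}}


def max_assignable_roles(qualified, prerequisites):
    """Return, per user, the largest role set that satisfies all prerequisites.

    Each pass removes at least one role or stops, so a user needs at most
    |roles| passes: the whole computation is polynomial in users and roles.
    """
    result = {}
    for user, roles in qualified.items():
        candidate = set(roles)
        changed = True
        while changed:  # corresponds to "while records are affected"
            changed = False
            for role in sorted(candidate):
                if not prerequisites.get(role, set()) <= candidate:
                    candidate.discard(role)  # "delete roles from database"
                    changed = True
        result[user] = candidate
    return result


if __name__ == "__main__":
    for user, roles in max_assignable_roles(QUALIFIED, PREREQUISITES).items():
        print(user, sorted(roles))
```

The entry for dave shows why one pass is not enough: manager is removed first because employee is missing, and only the next pass removes admin, which depended on manager.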

Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role. The identification and authentication process (e.g. login) is not considered a transaction. All other user activities on the system are conducted through transactions. Thus all active users are required to have some active role.

Role authorization: A subject's active role must be authorized for the subject. Together with the role assignment rule above, this rule ensures that users can take on only roles for which they are authorized.

Transaction authorization: A subject can execute a transaction only if the transaction is authorized through the subject's role memberships, and subject to any constraints that may be applied across users, roles, and permissions. This rule ensures that users can execute only transactions for which they are authorized.
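The three rules above can be enforced by a small reference monitor that every transaction passes through. This is an added example, not code from the original slides; the user names, role tables and transaction names are constructed, loosely following the employee, manager and admin pages described earlier.

```python
# Constructed sample data (assumption): authorized roles per user and the
# transactions each role may execute.
USER_ROLES = {"asha": {"employee"}, "ravi": {"employee", "manager"}}
ROLE_TRANSACTIONS = {
    "employee": {"view_docs", "submit_todays_work"},
    "manager": {"view_docs", "view_projects", "submit_todays_work"},
    "admin": {"send_email", "view_work_details", "search_log_details"},
}


class RbacMonitor:
    def __init__(self, user_roles, role_transactions):
        self.user_roles = user_roles
        self.role_transactions = role_transactions
        self.active = {}  # logged-in user -> set of active roles

    def login(self, user):
        """Authentication is not a transaction, so no role is required yet."""
        if user not in self.user_roles:
            return False
        self.active[user] = set()
        return True

    def activate(self, user, role):
        """Role authorization: only roles authorized for the user can be active."""
        if user not in self.active or role not in self.user_roles[user]:
            return False
        self.active[user].add(role)
        return True

    def execute(self, user, transaction):
        """Return (allowed, reason) for a requested transaction."""
        roles = self.active.get(user, set())
        if not roles:
            # Role assignment: no transaction without an active role.
            return False, "role assignment: no active role"
        for role in sorted(roles):
            # Transaction authorization: some active role must permit it.
            if transaction in self.role_transactions.get(role, set()):
                return True, f"authorized via role {role}"
        return False, "transaction authorization: not permitted for active roles"


if __name__ == "__main__":
    monitor = RbacMonitor(USER_ROLES, ROLE_TRANSACTIONS)
    monitor.login("asha")
    print(monitor.execute("asha", "view_docs"))   # denied: no active role yet
    print(monitor.activate("asha", "admin"))      # False: role not authorized
    monitor.activate("asha", "employee")
    print(monitor.execute("asha", "view_docs"))   # allowed
    print(monitor.execute("asha", "send_email"))  # denied: admin-only
```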

A future direction is to introduce optimization goals into the user-role assignment problem. An interesting optimization objective is to minimize the number of users. Future work also relates to human resource management. Assume that there is no valid assignment for a given configuration, which indicates that we may either change the configuration or hire more people (i.e., introduce more users into the system).

The user-role assignment problem with consideration of the user-role qualification relation and a variety of role-based and user-based constraints. The consistency problem among three types of role-based constraints, and computational problems related to user-role assignment.

