LnRBAC: A Multiple-Levelled Role-Based Access Control Model for Protecting Privacy in Object-Oriented Systems

Shih-Chien Chou, Department of Computer Science and Information Engineering, National Dong Hwa University, Taiwan

 

REFEREED ARTICLE



Abstract

Role-based access control (RBAC) is useful in information security. It is a superset of discretionary access control (DAC) and mandatory access control (MAC). Since DAC and MAC are useful in information flow control (which protects privacy within an application), RBAC can certainly be used for that control. Our research reveals that different control granularity is needed in different cases when controlling information flows within an application. An information flow control model should thus simultaneously offer different levels of control granularity. We designed a multiple-leveled RBAC model to offer multiple levels of control granularity, in which each level of RBAC controls one level of granularity. We called the model LnRBAC (n-leveled RBAC), which offers the following features: (1) it allows different control granularity in different cases, (2) it solves the covert channel problems caused by abnormal program stopping, (3) it adapts to dynamic object state change, (4) it controls method invocation through argument sensitivity, (5) it allows purpose-oriented method invocation, (6) it controls write access precisely, and (7) it avoids Trojan horses. We implemented a prototype for LnRBAC and evaluated it. This paper presents LnRBAC.


Note: Due to the typographical sophistication of this article, no HTML version is available. Please use the PDF version.

 

About the author




Shih-Chien Chou received a Ph.D. degree from the Department of Computer Science and Information Engineering, National Chiao Tung University, Hsinchu, Taiwan. He is currently an associate professor in the Department of Computer Science and Information Engineering, National Dong Hwa University, Hualien, Taiwan. His research interests include software engineering, process environment, software reuse, and information flow control. He can be contacted through the e-mail address scchou@mail.ndhu.edu.tw.


Cite this article as follows: Shih-Chien Chou: “LnRBAC: A Multiple-Levelled Role-Based Access Control Model for Protecting Privacy in Object-Oriented Systems”, in Journal of Object Technology, vol. 3, no. 3, March-April 2004, pp. 91-120. http://www.jot.fm/issues/issue_2004_03/article2

