Sharif Digital Repository

One of the security issues in data outsourcing scenario is the enforcement of data owner's access control policies. This includes some challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing solutions address only some of the challenges, while they impose high overhead on both the data owner and users. Though, policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance; most of the existing solutions... 

ANSI RBAC is a standard for a consistent and uniform definition on Role Based Access Control features and their functional specifications ANSI (2004) [1]. We analyze both static and dynamic separation of duty constraints specifications in the ANSI RBAC standard and evaluate their reliabilities. We then suggest necessary improvements for making them completely reliable  

In pervasive computing environments, a user can access resources and services from any where and at any time; thus a key security challenge in these environments is the design of an effective access control model which is aware of context modifications. Changes in context may trigger changes in authorizations. In this paper, we propose a new context-aware access control model based on role-based access control model for pervasive computing environments. We assign roles to users dynamically based on the long-term context information and tune active role's permissions according to the short-term context information of the users and environment. © 2007 IEEE  

Role-Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. However, due to the large number of users in nowadays online services of organizations and enterprises, assigning users to roles is a tiresome task and maintaining user-role assignment up- to-date is costly and error-prone. Additionally, with the increasing number of users, RBAC may have problems in prohibiting cheat and changing roles of users. In order to categorize information and formulate security policies, human decision making is required which is naturally fuzzy in the real world. This leads using a fuzzy approach to address the... 

As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control(RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclusive Role (SMER) constraints are used to enforce Static Separation of Duty policies. Dynamic Separation of duty policies, like SSoD policies, are intended to limit the permissions that are available to a user. However, DSoD policies differ from SSoD policies by the context in which these limitations are imposed. A DSoD policy limits the...