3rd International ICST Symposium on Information Assurance and Security

Research Article

Enhancing Role-Based Access Control Model through Fuzzy Relations

  • @INPROCEEDINGS{10.1109/IAS.2007.69,
        author={Hassan Takabi and Morteza Amini and Rasool  Jalili},
        title={Enhancing Role-Based Access Control Model through Fuzzy Relations},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Access control  Companies  Computer networks  Computer security  Fuzzy control  Fuzzy set theory  Information security  Information technology  Insurance  Permission},
        doi={10.1109/IAS.2007.69}
    }
    
  • Hassan Takabi
    Morteza Amini
    Rasool Jalili
    Year: 2007
    Enhancing Role-Based Access Control Model through Fuzzy Relations
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.69
Hassan Takabi1,*, Morteza Amini1,*, Rasool Jalili1,*
  • 1: Network Security Center Computer Engineering Department Sharif University of Technology Tehran, Iran
*Contact email: takabi@ce.sharif.edu, m_amini@ce.sharif.edu, jalili@sharif.edu

Abstract

Role-Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. However, due to the large number of users in nowadays online services of organizations and enterprises, assigning users to roles is a tiresome task and maintaining user-role assignment up- to-date is costly and error-prone. Additionally, with the increasing number of users, RBAC may have problems in prohibiting cheat and changing roles of users. In order to categorize information and formulate security policies, human decision making is required which is naturally fuzzy in the real world. This leads using a fuzzy approach to address the issue in order to provide a more practical solution. In this paper, applicability of fuzzy set theory to RBAC has been investigated by identifying access control building blocks which are fuzzy in essence. An existing RBAC model is extended to allow imprecise access control policies, using the concept of trustworthiness which is fuzzy in nature. We call the extended model as Fuzzy RBAC. Applicability of the extended model has been evaluated through some case studies