ENHANCING ROLE MANAGEMENT IN ROLE-BASED ACCESS CONTROL
Role-Based Access Control (RBAC) has been widely applied to authorize certain users to access certain data or resources within complex systems. Several issues have arisen in the application of RBAC models, including the constraints applied in user-role assignments and role-role relations, the revocation of redundant roles and assignments, etc. These problems bring high costs in RBAC management. This paper addresses these problems from the perspective of visualization in order to enhance role management in RBAC, particularly leveraging the experience of DAG visualization and the administrative cost. A detailed problem statement is made first, and then a DAG normalization process is proposed to construct a refined role hierarchy. Subsequently, a two-layered paradigm, the lower layer for displaying the role hierarchy and permissions and the upper layer for placing users, is presented for the visualization of role management in RBAC. Additionally, some specific interaction techniques are put forward to visually aid in solving the constraint and redundancy problems. A two-stage user observation conducted in a laboratory environment suggests the effectiveness and usability of the prototype system for the security administrator in role management of RBAC.
RBAC; Role Management; Role Hierarchy; Heuristic layout
Xiaosheng Feng, Bin Ge, Yang Sun, Zhenwen Wang, Daquan Tang
C4ISR Technology National Defense Science and Technology Key Laboratory, National University of Defen
International conference
Beijing
English
677-683
2010-10-26 (date first made available online on the Wanfang platform; does not represent the paper's publication date)