Generalized Role-Based Access Control for Securing Future Applications
Covington, Michael J.
Moyer, Matthew James
As computing technology becomes more pervasive and broadband services are deployed into residential communities, new applications will emerge for the home and community environment. These applications will assist people in a variety of daily activities by enabling them to create, access, and manipulate information about the residents and resources in their homes. In a connected community, resources in the home and information about the residents of the home will be remotely accessible to both residents and guests, as well as to potentially malicious users. These new applications, as well as their users and environment, pose new security challenges. The challenges stem from two factors: the nature of the home itself (a private space with a wealth of personal and sensitive information) and the limited technical knowledge and capabilities of the home's residents. We are addressing the problem of securing applications that will access and control information resources in the home of the future. Specifically, we are designing a security system based on a paradigm called Generalized Role-Based Access Control (GRBAC). GRBAC is an extension of traditional Role-Based Access Control (RBAC). It enhances traditional RBAC by incorporating the notions of object roles and environment roles alongside the traditional notion of subject roles. These new types of roles allow one to define rich, easy-to-understand security policies without having significant technical knowledge of the underlying computer systems that implement those policies. In this paper, we motivate the need for GRBAC, provide a high-level description of it, and demonstrate its usefulness and flexibility via several example applications.