Secure Role Activation and Authorization in the Enterprise Environment

  • Richard W. C. Lui
  • Lucas C. K. Hui
  • S. M. Yiu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3545)


Role Based Access Control (RBAC) [3] is a popular approach to specifying and enforcing security policies in organizations. In large enterprise systems, the number of users, roles and permissions can be in the hundreds or thousands, and security management can be a tedious task. One way to simplify security management in RBAC is to allow the specification and enforcement of dynamic constraints to be decentralized [7]. In this paper, we discuss the issues in supporting secure role activation and authorization when the decentralized approach to role activation management is adopted. Secure protocols are proposed to handle the processes of role assignment, role activation and authorization.


Role Based Access Control, Role Activation, Digital Credential, Proxy Signature




  1. Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights (2003)
  2. Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
  3. Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-based access control. Artech House, Boston (2003)
  4. Hitchens, M., Varadharajan, V., Saunders, G.: Policy administration domains. In: ACISP, pp. 286–302 (2002)
  5. Kim, S., Park, S., Won, D.: Proxy signatures, revisited. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 223–232. Springer, Heidelberg (1997)
  6. Lee, G., Kim, W., Kim, D.-K., Yeh, H.: Effective web-related resource security using distributed role hierarchy. In: WAIM, pp. 87–96 (2004)
  7. Lui, R.W.C., Chow, S.S.M., Hui, L.C.K., Yiu, S.M.: Role activation management in role based access control. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 358–369. Springer, Heidelberg (2005) (to appear)
  8. Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures: Delegation of the power to sign messages. IEICE Trans. on Fundamentals E79-A(9), 1338–1354 (1996)
  9. Montenegro, J.A., Moya, F.: A practical approach of X.509 attribute certificate framework as support to obtain privilege delegation. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 160–172. Springer, Heidelberg (2004)
  10. Nicolosi, A., Krohn, M., Dodis, Y., Eres, D.: Proactive two-party signatures for user authentication. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, February 2003, pp. 233–24 (2003)
  11. Park, J.S., Sandhu, R.S.: RBAC on the web by smart certificates. In: ACM Workshop on Role-Based Access Control, pp. 1–9 (1999)
  12. Park, J.S., Sandhu, R.S., Ghanta, S.: RBAC on the web by secure cookies. In: DBSec, pp. 49–62 (1999)
  13. Sandhu, R., Chandramouli, R.: Role based access control features in commercial database management systems. In: 21st National Information Systems Security Conference, Crystal City, Virginia, October 6-9 (1998)
  14. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Technical Report MIT/LCS/TM-82 (1977)
  15. Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
  16. Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: IEEE Computer Security Foundations Workshop, pp. 183–194 (1997)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Richard W. C. Lui (1)
  • Lucas C. K. Hui (1)
  • S. M. Yiu (1)

  1. Department of Computer Science, The University of Hong Kong, Pokfulam, Hong Kong
