Formal Description for an Object-Oriented Role-based Access Control Model

  •  Chungen Xu    
  •  Sheng Gong    


Role-based access control(RBAC) is a promising technology for managing and enforcing security in large-scale enterprise-wide system, and we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Majority of traditional access control models were passive data-protections, which were not suitable for large and complex multi-user interactive applications. In this paper, we develop a general model to control users’ behaviors based on their roles actively, and proposes a framework of well-defined Formal Description for developers to build application-level access control based on users’ roles. It ensure that each role is configured with consistent privileges, each actor is authorized to proper roles and then each actor can activate and play his authorized roles without interest conflicts. These formal specifications are consistent and inferable, complete and simplified, abundant and scalable for diversified multi-user applications.

This work is licensed under a Creative Commons Attribution 4.0 License.
  • ISSN(Print): 1913-8989
  • ISSN(Online): 1913-8997
  • Started: 2008
  • Frequency: quarterly

Journal Metrics

WJCI (2020): 0.439

Impact Factor 2020 (by WJCI): 0.247

Google Scholar Citations (March 2022): 6907

Google-based Impact Factor (2021): 0.68

h-index (December 2021): 37

i10-index (December 2021): 172

(Click Here to Learn More)