Role-Based Access Control (RBAC) usually enables a higher level view of authorization. In this model, access permissions are assigned to roles and, in turn, roles are allocated to subjects. The usefulness of the RBAC model is well documented. It includes simplicity, consistency, scalability and ease of manageability. In practice, however, only limited versions of RBAC seem to have been successfully implemented, notably in applications such as databases and operating systems. The problem stems from the fact that most applications require a finer degree of authorization than what core RBAC models are able to provide. In theory, current RBAC models can be adapted to capture fine grained authorizations by dramatically increasing the number of distinct roles in these models. However, this solution comes at an unacceptably high cost of allocating low level privileges which eliminates the major benefits gained from having a high level RBAC model. This paper presents a methodology for refining abstract RBAC models into new Parameterized RBAC models which provide finer grain of authorizations. The semantics of the Parameterized RBAC model is given as a state-based core RBAC model expressed in the formal specification notation Z. By systematically applying this methodology the scope of applications of RBAC is substantially extended and the major benefits of having the core model are maintained.
展开▼
