Scalable Role & Organization Based Access Control and Its Administration
In Role Based Access Control (RBAC), roles are typically created based on job functions inside an organization. Traditional RBAC does not scale up well for modeling security policies spanning multiple organizations. To solve this problem, a family of extended RBAC models called Role and Organization Based Access Control (ROBAC) models and its administrative models are proposed and formalized in this dissertation. Two examples are used to motivate and demonstrate the usefulness of ROBAC. A comparison between ROBAC and other RBAC extensions is given. I show that ROBAC can significantly reduce the administrative complexities of applications involving a large number of similar organizational units. The applicability and expressive power of ROBAC are discussed. By showing that any given ROBAC model can be modeled by an RBAC model and vice versa, I prove that the expressive power of ROBAC is equal to that of traditional RBAC.

A comprehensive role and organization based administrative model called AROBAC07 is developed. It has five sub-models dealing with various administrative tasks in ROBAC. I show that the AROBAC07 model provides an intuitive and controlled way to decentralize administrative tasks in ROBAC based systems. A concept called application compartment (ACom) in ROBAC is introduced and its usage in ROBAC is discussed. AROBAC07 scales up very well for ROBAC based systems involving many organizational units.

Two ROBAC variants, manifold ROBAC (ROBAC) and pseudo ROBAC (ROBAC), are presented and formalized. Their corresponding administrative models are also proposed. The usefulness of manifold ROBAC is demonstrated in secure collaboration via a ROBAC based secure collaboration schema which avoids many problems resulting from role-mapping, role-translation, or role exporting. The usefulness of pseudo ROBAC is demonstrated in a web based on-demand movie service case study.
Year of publication: 2008-04-29
Authors: Zhang, Zhixiong
Subject: RBAC; ROBAC; Administrative ROBAC; Role Based; access control
Saved in: freely available
Similar items by subject
- Specification and enforcement of flexible security policy for active cooperation. Sun, Yuqing (2009)
- Access Control and Information Flow Control for Web Services Security. Kedjar, Saadia (2016)
- Goal Modelling for Security Problem Matching and Pattern Enforcement. Washizaki, Hironori (2017)