Journal of Beijing University of Posts and Telecommunications

  • EI core journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2011, Vol. 34 ›› Issue (5): 19-24. doi: 10.13190/jbupt.201105.19.pengwp


A RoleExtended RBAC for Encrypted Data

  

  • Received:2010-12-08 Revised:2011-06-21 Online:2011-10-28 Published:2011-08-26
  • Contact: Wei-Ping PENG E-mail:pwp9999@hpu.edu.cn
  • Supported by:

    National Hi-Tech Research and Development Program (863 Program) of China; National Natural Science Foundation of China

Abstract:

A roleextended by key based on rolebased access control (KRBAC) for encrypted data which integrates the hierarchical keys into the role management is proposed. The traditional role is extended here to a triple through dividing the independent control domain of the key, which consists of the role as well as the control domain of role and key, with partially ordered set relations and security constraints. In addition, an elementlevel finegrained data protection is proposed based on the above model. Analysis shows that the working mode of extendedrole can reduce the number of roles and the complexity of access control and improve the rationality of distribution of privileges, besides, it can provide security infrastructure for the finegrained data protection. 

Key words: role-extended, access control model, permission authorization, encrypted database
