A hybrid attribute based RBAC model

Abstract

In an open and distributed network, role-based access control (RBAC) model has the following deficiencies: Firstly, it is unable to provide flexible access control policy, and the granularity of authorization is too large. Secondly, the allocation and management of roles are too cumbersome, which leads to low efficiency of access control. To deal with these problems, we present a hybrid attribute based RBAC (HA-RBAC) model. In this paper, we deeply research the mapping relationships of roles and attributes, propose a combination of static-attribute-based roles and dynamic-attribute-based rules to simplify the management of access control policy and downsize the access control system, while we formally define the construction of HA-RBAC model and access control algorithm. Comparative analysis and simulation experiments show that this model can not only adapt to the role of fine-grained division and simplify policy management, but also improve the efficiency of access control, and reduce system consumption.