Question

Explain the two extensions of RBAC model in two separate paragraphs. Discuss the advantage of each one.

Answer 1

Answer:-

Addressing the Challenge of Un-known Users

An integrated model to RBAC called a credential-based access control has been proposed to overcome this shortcomings of RBAC and facilitate security administration . In this model, a user is allowed to gain specific access privileges based on provided credentials, such as, credit card numbers or proof of membership. These credentials are used to provide information about the user’s rights, qualifications, responsibilities and other attributes. Based on these information a determinatiuon is made on whether it is safe to provide access to the user. This model has some shortcomings. Once it grants a privilege it has no way of revoking that or escalating that based on the user’s behavior. It does not bind user behavior history with required privileges for each session to make access decision. TrustBAC is proposed to fill this gap. Using this model, access authorization is granted based on the user’s trust level. The model evaluates trust relationships based on vector model of trust In TrustBAC model trust is always related to a particular context. For example, entity A needs to compute the trust level of entity B in some context. A trust relationship for particular context c is a vector (A c−→ B)t of three components: experience, knowledge, and recommendation. It is represented by [AEc B,A Kc B,A Rc B] where AEc B represents A’s experience about B in context c, AKc B represents As knowledge, and ARc B represents B’s recommendation to A from different source. These three factors are expressed in terms of numeric values in the range [−1, 1] ∪ {⊥}. In this range 0 indicates trust-neutral, -1 indicates trust-negative, and 1 indicates trust-positive.

Incorportaing Temporal Information into RBAC

In temporal domains, a role has predefined activation or deactivation time. A role is get activated within the duration a role is in enabled state. Sometimes, there should be some activation dependences between roles. For example, a role called doctor-on-night-duty is active between 10 PM and 6 AM. Because a doctor needs the assistance of a nurse, there should be another role of nurse-on-night-duty in the same period. Therefore, whenever doctor-on-night-duty is active/non-active nurse-on-night-duty must be active/non-active respectively. Temporal-RBAC (TRBAC) extended RBAC model to support such temporal constraints. To support role dependencies, the concept of role triggers is defined. These role triggers executed whenever activation and/or deactivation of roles takes place. The firing of a trigger may cause an immediate or differed action of activation/deactivation of roles. Role triggers resolves conflicting roles activation/ deactivation, and an activation priority. The action of high priority is the winner and it will be executed first. Further, an administrator can issue run time requests of activation/deactivation of roles. When a user request to activate a role, the system authorizes the user if the user has the authorization to play the role and the role is enabled at the request time. Additionally, run-time requests, periodic events, and role triggers are also prioritized to solve the problem of conflict actions