Authors: Gurucharansingh J. Sahani; Chirag S. Thaker; Sanjay M. Shah
Addresses: Computer Engineering/IT Department, Gujarat Technological University, Gandhinagar, Gujarat, India ' Computer Engineering Department, Government College of Engineering, Rajkot, Gujarat, India ' Computer Engineering Department, LD College of Engineering, Ahmedabad, Gujarat, India
Abstract: Access control is one of the essential security requirements of any information system. Role-based access control (RBAC) has been the most popular access control model so far. However, in-advance, manual, and time-consuming role assignment process makes it inefficient in large data-sharing applications. Extension to RBAC models using attributes, attribute-based access control (ABAC) model, and combination of access control models with other techniques has become an emerging research area in access control. Recent research either focuses on standardising the ABAC model or making RBAC fine-grained, dynamic, and context-aware. A manual user-role assignment is still an open problem for RBAC that limits it for extending. In large-scale applications, a large number of users makes the manual user-role assignment process complicated and difficult. In this paper, we present an attribute-based framework to make RBAC's user-role assignment process automatic by extending it for large-scale applications.
Keywords: access control; automatic user-role assignment; large-scale applications; patient health record; role-based access control; RBAC.
International Journal of Communication Networks and Distributed Systems, 2022 Vol.28 No.1, pp.76 - 102
Received: 18 Mar 2021
Accepted: 02 Jun 2021
Published online: 03 Jan 2022 *