Security failure-tolerant role-based access control






Role-Based Access Control (RBAC) is a well-known access control security service that restricts access to valuable assets (or objects) using the roles in an organization. However, any security service, such as access control or a cryptosystem, might be broken by attacks or through inadvertence. Even when an RBAC system is strongly designed against attacks, it can be contaminated by attacks during operation, or by careless implementation or maintenance. This dissertation describes security failure-tolerant role-based access control (SRBAC), which tolerates the security breaches of RBAC by means of another access control security service, such as an extended access control list (EACL). The threats to RBAC are analyzed to identify possible security breaches, on the assumption that any security service might always be broken. The security breaches caused by the threats to RBAC are tolerated with the EACL, which extends the ACL. SRBAC is formalized using set theory to clarify the access control entities (components) and their relationships. A prototype tool is developed to support and validate SRBAC in tolerating the security breaches of RBAC. A healthcare system is modeled with SRBAC to illustrate the proposed approach.



RBAC, Security failure tolerance, ACL