Event Driven Role Based Access Control

Piero Bonatti, Clemente Galdi and Davide Torres.

Abstract: Context-aware access control systems should reactively adapt access control decisions to dynamic environmental conditions. We present ERBAC, an event-driven extension of the TRBAC model that allows the specification and enforcement of general reactive policies. A variety of examples illustrate ERBAC's expressive power, and its ability of handling exceptional situations in a flexible way, while keeping policies compact and manageable. Then we extend XACML to support the new model, and illustrate a prototype implementation of the PDP. Experiments show that the computational cost of policy rule evaluation is compatible with real-world applications.

Piero A. Bonatti, Clemente Galdi, Davide Torres: ERBAC: event-driven RBAC.
18th ACM Symposium on Access Control Models and Technologies, SACMAT '13: pp 125-136.
A prototype implementation is available here

Contact Information

Clemente Galdi
Dipartimento di Ingegneria Elettrica e Tecnologie dell'Informazione
Università di Napoli 'Federico II'
Via Claudio, 21
I-80125 Napoli, ITALY.

Building 3/A, Room T.27
Phone: +39-081-679309
Email: