AT-RBAC: An authentication trustworthiness-based RBAC model

Abstract

In current operating systems, the strength of authentication mechanism does not work on the authorization of the user, which leaves the system security compromise that the user who has passed weak authentication mechanism may have many access rights. This paper firstly puts forwards the thought of authentication trustworthiness, the aim is to give each authenticated user his authentication trustworthiness. According to user's trustworthiness, the system will decide which access rights he will have. The more strength is the authentication mechanism, the larger is the user's authentication trustworthiness. The user's authentication trustworthiness will be taken as one of access control decision elements, so as to prevent the user with less trustworthiness from owning many access rights. Based on the authentication trustworthiness, this paper puts forwards the authentication trustworthiness-based RBAC model. The model associates authentication trustworthiness with RBAC model, and the authentication trustworthiness of the authenticated user will be decision information to activate his roles and permissions, only those users who satisfy role trust activation condition can activate their roles, users who satisfy permission trust activation condition can activate their permissions. The model provides trust authorization by user's role and permissions trust activation, satisfies the requirement that different authentication mechanisms with different strength will correspond to different access rights. © Springer-Verlag 2004.