Dancheng Li

Work place: Software College of Northeastern University, Shenyang, China

E-mail: ldc@mail.neu.edu.cn


Research Interests: Computational Engineering, Information Systems, Multimedia Information System


Dancheng Li was born in Shenyang, Liaoning province in 1963, earned M.S. degree in the field of computer software in 1990 from Shenyang Institute of Computing Technology, Chinese Academy of Sciences. She is now an associate professor and postgraduate supervisor in Software College of Northeastern University, China (NEU). Before joining NEU, she was an associate research fellow in Shenyang Institute of Automation, Chinese Academy of sciences for about 3 years. Her main research directions include IT service management and information system engineering. 

Author Articles
H-RBAC: A Hierarchical Access Control Model for SaaS Systems

By Dancheng Li Cheng Liu Binsheng Liu

DOI: https://doi.org/10.5815/ijmecs.2011.05.07, Pub. Date: 8 Oct. 2011

SaaS is a new way to deploy software as a hosted service and accessed over the Internet which means the customers don’t need to maintain the software code and data on their own servers. So it’s more important for SaaS systems to take security issues into account. Access control is a security mechanism that enables an authority to access to certain restricted areas and resources according to the permissions assigned to a user. Several access models have been proposed to realize the access control of single instance systems. However, most of the existing models couldn’t address the following SaaS system problems: (1) role name conflicts (2) cross-level management (3) the isomerism of tenants' access control (4) temporal delegation constraints. This paper describes a hierarchical RBAC model called H-RBAC solves all the four problems of SaaS systems mentioned above. This model addresses the SaaS system access control in both system level and tenant level. It combines the advantages of RBDM and ARBAC97 model and introduces temporal constraints to SaaS access control model. In addition, a practical approach to implement the access control module for SaaS systems based on H-RBAC model is also proposed in this paper.

[...] Read more.
Other Articles