IMPLEMENTATION OF THE ROLE-BASED ACCESS CONTROL MODEL (MUTUALLY EXCLUSIVE ROLES MODEL) AT HIGHER EDUCATION INSTITUTION
Abstract and keywords
Abstract (English):
The practical implementation of the role-based access control model (RBAC) in contemporary information systems, particularly those within higher education institutions, has increasingly become a critical security concern. To enhance the security of an information system utilizing the RBAC model, it is essential to impose further restrictions on role usage. This approach will enable the limitation of the number of roles within the system’s architecture by introducing constraints on user privileges during their session.

Purpose: to modify the role-based access control model by introducing role exclusion constraints to enhance the security of information systems within higher education institutions.

Methods: both static and dynamic mutual exclusion methods for managing roles, along with static and dynamic quantitative limitations on role possession and access privileges.

Results: a role-based access control model featuring mutually exclusive roles has been created, and a software implementation of a test model has been successfully carried out.

Practical significance: this research is expected to enhance security standards in the deployment of role-based access control models within information systems that feature intricate role architecture.

Keywords:
role-based access control, model of mutually exclusive roles, access control policy, information security