Ensuring adequate security of information has been a growing concern of individuals and organizations. There is then the need to provide suitable access control mechanism for preventing insider abuses and ensuring appropriate use of resources. This paper presents an access control scheme that adopts the techniques of Role-Based Access Control (RBAC), Purpose-Based Access Control (PBAC), Time-Based Access Control (TBAC) and History-Based Access Control (HBAC) as components to form an integrated Components-based Access Control Architecture (CACA). In CACA, an Access Control Score (ACS) is computed from the combined access control techniques. CACA also combines ACS with the sensitivity nature of system resources before a level of access is granted. The architecture was implemented within a payroll system developed using JAVA and SQL. Using usability testing, the evaluation of CACA showed 92% reduction in insider abuses and misuse of privileges. This shows that CACA can provide higher level of security access as against what used to exist.
Components- Based Access Control Architecture
