Formal description of HOrBAC model

2022 ◽  
Author(s):  
Martin Benoît Azanguezet Quimatio ◽  
TSOGNONG FIDELE ◽  
Marcellin Julius Nkenlifack

Abstract: Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user, who can carry out any type of internal attack on the information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: organizational hierarchy and redundant authentication. The model thus implemented offers hierarchical and redundant access control to data and processing in an information system, based on zero trust in users.


Author(s):  
Zhixiong Zhang ◽  
Xinwen Zhang ◽  
Ravi Sandhu

This chapter addresses the problem that traditional role-based access control (RBAC) models do not scale up well for modeling security policies spanning multiple organizations. After reviewing recently proposed Role and Organization Based Access Control (ROBAC) models, an administrative ROBAC model called AROBAC07 is presented and formalized in this chapter. Two examples are used to motivate and demonstrate the usefulness of ROBAC. A comparison between AROBAC07 and other administrative RBAC models is given. We show that ROBAC/AROBAC07 can significantly reduce administration complexity for applications involving a large number of organizational units. Finally, an application compartment-based delegation model is introduced, which provides a method to construct an administrative role hierarchy in AROBAC07. We show that the AROBAC07 model provides convenient ways to decentralize administrative tasks for ROBAC systems and scales up well for role-based systems involving a large number of organizational units.


2018 ◽  
Vol 7 (4.6) ◽  
pp. 49
Author(s):  
Rajanikanth Aluvalu ◽  
Krishna Keerthi Chennam ◽  
M. A. Jabbar ◽  
Shaik Sarfaraz Ahamed

Secure interaction between collaborative organizations that have their applications and data stored in “Cloud Computing” is a critical issue. Access control is the biggest challenge, and trust is regarded as an essential secured relationship within a distributed system. Basic access control models, like Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, cannot satisfy requirements in such an environment and need some improvements. During the collaboration, the attitude of the user may change. Therefore, in this context, adding trust management to an access control model is mandatory. To achieve this goal, a new trust model to control access in the cloud is proposed in this paper. The aim is to monitor security in real time for collaborative organizations that have decided to migrate to the cloud.


2018 ◽  
Vol 7 (2.8) ◽  
pp. 554
Author(s):  
Geetanjali Sinha ◽  
Prabhu Shankar K.C ◽  
Shaurya Jain

Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from manual paper systems to provide patients with efficient services. Numerous Access Control Models have been deployed for securing patient privacy, one of them being the Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy, and thus new methods have been evolving. In this survey we will see an evolution of the access control models which led to the discovery of the KC-RBAC (Knowledge Constrained Role Based Access Control) Model, which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.


2014 ◽  
Vol 989-994 ◽  
pp. 4751-4754
Author(s):  
Yu Lan Zhao ◽  
Chun Feng Jiang

How to prevent illegal users from sharing system resources was one of the main purposes for MAGNET Security Group. This paper introduced some major access control models such as traditional access control models, the role-based access control model (RBAC), the task-based access control model (TBAC) and the role-task-based access control model (T-RBAC). In the end, a feasible scheme, PN_T-RBAC, was proposed on the basis of the existing T-RBAC model, which was suitable for the coalition environment of personal networks.

