Exploration of ABAC and XACML for Access Control Design on Digital Resources

2019 ◽  
Vol 6 (5) ◽  
pp. 535
Author(s):  
Fauzan Natsir ◽  
Imam Riadi ◽  
Yudi Prayudi

Abstract

Digital resources require a mechanism for governing the policy that controls how access rights to a system are obtained. Access control is more flexible than very simple authorization, authentication or verification approaches. An access control policy mechanism based on attributes, namely ABAC (Attribute Based Access Control) implemented with the XACML (Extensible Access Control Modelling Language) model, is believed to be an adaptive solution. The ABAC policy design is presented with attributes from one digital resource case study, an e-Library system. e-Library is a digital resource whose authentication process has not yet been modeled with the existing subject attributes. The study begins with identification of the attributes of the rules, followed by ABAC modeling of the digital resource, XACML implementation, system simulation and system analysis. Access control was tested using ALFA (Axiomatics Language for Authorization) to provide access control performance for the digital resources. The analysis of the ABAC approach with the XACML model presents a system security design with an attribute-based access control model derived from policy statements, as a solution to the previously created access control model and in support of an access control model relevant to digital resources.

2018 ◽  
Vol 11 (1) ◽  
pp. 85-94
Author(s):  
Moh Fadly Panende ◽  
Imam Riadi ◽  
Yudi Prayudi

Abstract

An important factor in the investigation of cybercrime cases is the handling of the evidence found. Electronic evidence and digital evidence found in criminal cases should be preserved from the outset so that it can be accounted for in court. The digital evidence storage cabinet (LPBD) system is one solution to the problem of managing digital evidence and is based on the digital evidence cabinet (DEC), but the system is not equipped with a good access control model. The LPBD system needs to be built not only around the issue of digital evidence management but also around another important component of the digital evidence storage cabinet itself, its access arrangements, so the scheme or design of access control policies for LPBD is very important. The access control used on previous LPBDs relied only on user authentication and authorization mechanisms, with no other, more complex parameters to support requests made to the LPBD system. In the absence of a good access control model design for LPBD, it is necessary to design an access control policy model using the attribute-based access control (ABAC) approach, because ABAC is a more flexible access control model in applying attributes to users, and the XACML hierarchy can support the access control requirements of digital evidence storage cabinets (LPBD).

How To Cite: Panende, M.F., Prayudi, Y., Riadi, I. (2018). KONSEP ATTRIBUTE BASED ACCESS CONTROL (ABAC) PADA LEMARI PENYIMPANAN BUKTI DIGITAL (LPBD). Jurnal Teknik Informatika, 11(1), 85-94. doi 10.15408/jti.v11i1.7220 Permalink/DOI: http://dx.doi.org/10.15408/jti.v11i1.7220


2009 ◽  
Vol 626-627 ◽  
pp. 735-740
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu

In a PDM system, there exist many users, such as employees, partners, and customers. To protect resources from illegal access, it is very important to enforce access control policy in a PDM system. RBAC is widely used as an access control model in PDM systems, but it is difficult for RBAC to support complex access control policy. This paper proposes a simple, flexible way to express and enforce access control policy. To keep the integrity of system security and make the system administrator's work easier, we propose auto revocation triggered by time and access control policy in our model. The end of this paper introduces a system architecture and an auto revocation algorithm. We also give some examples to show how this model works in a PDM system.


Author(s):  
Asma Cherif ◽  
Abdessamad Imine

Collaborative applications are important applications, allowing users to cooperate in order to perform a given task. Their importance has grown significantly over recent years since they are required in many fields. However, they still lack an appropriate access control mechanism, which limits their full potential. It is hard to conceive an access control model for collaborative applications since they need to dynamically change access rights while maintaining high local responsiveness. This chapter presents a decentralized access control model based on replicating the shared document and its access control policy at each collaborating site. The interaction between document updates and authorization updates is carefully studied to maintain the convergence of the shared data. Our model relies on an optimistic approach to enforce the access control, i.e. users may temporarily violate the access control policy if their rights were revoked concurrently. Illegal operations are undone selectively to eliminate their effects and converge to the same final state of the shared object.


2013 ◽  
Vol 397-400 ◽  
pp. 2360-2366
Author(s):  
Hao Zhong

XML documents are nested and semi-structured, but the traditional access control mechanism is coarse-grained and not applicable. We propose an XML access control model (XACM) for XML repositories. The XACM provides a fine-grained definition for XML authorizations, which is based on the self-describing characteristic of XML. We also discuss how to use the XACM to automatically preserve the access control policy when relational databases are published as XML documents. Finally, we present the implementation of the XACM in an actual XML publisher system. Compared with existing related work, the XACM is more flexible and efficient and has less overhead.


2014 ◽  
Vol 701-702 ◽  
pp. 189-193
Author(s):  
Wei Wei Li ◽  
Chen Wang ◽  
Cheng Zhou ◽  
Jian Shi

With the State Grid Unified Application Platform as the carrier, this paper proposes an extensible access control policy. For a long time, the combination of the internal environment of electric power enterprises and traditional access control has been very inadequate. The traditional access control model is almost blank on the current unified platform's access and control permission interaction problems. Therefore, this paper puts forward an improved access control model. The model solves some key problems of access control in the State Grid Unified Application Platform, such as specific role division, interaction between roles, permissions delivery, unlimited scale-up of permissions inherited by senior roles, and permissions linkage.


2009 ◽  
Vol 16-19 ◽  
pp. 703-707
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu ◽  
Hong Xiang

Based on previous work, this paper proposes an extended access control model for PDM systems. In this model, complex access control policies are expressed and enforced to ensure the security of user role assignment, delegation and revocation in a PDM system. To reduce the system administrator's work, the model provides an auto revocation mechanism which can be triggered by time, access control policies and user states. This paper also proposes an implementation system architecture, an auto revocation algorithm and some examples to show how this complex-policy-supported access control model works in a PDM system.


2017 ◽  
Vol 8 (4) ◽  
pp. 29
Author(s):  
Dapeng Xiong ◽  
Liang Chen

Access control technology protects the cloud from being accessed illegally. However, traditional access control technology cannot meet the new features of the cloud environment. In order to improve the deficiency of current multi-domain access control in timeliness and flexibility, this paper puts forward a dynamic access control policy on the basis of the task driving idea. The new method combines the advantages of RBAC and the task driving model, joined with limit aging and real time strategy synthesis. Comparative trials show that the new policy has an advantage in flexibility and availability over the multi-domain access control model.

