scholarly journals Analysis of ANSI RBAC Support in EJB

2012 ◽  
pp. 177-204
Author(s):  
Wesam Darwish ◽  
Konstantin Beznosov
Keyword(s):  
Access Control ◽  
National Standard ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Operational Environment ◽  
Functional Specification ◽  
Fundamental Limitations ◽  
Role Based ◽  
Java Beans ◽  
Enterprise Java

This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, the authors suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. The level of support is analyzed for the American National Standard Institute’s (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. The results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.

scholarly journals Analysis of ANSI RBAC Support in EJB

2011 ◽  
Vol 2 (2) ◽  
pp. 25-52
Author(s):  
Wesam Darwish ◽  
Konstantin Beznosov
Keyword(s):  
Access Control ◽  
National Standard ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Operational Environment ◽  
Functional Specification ◽  
Fundamental Limitations ◽  
Role Based ◽  
Java Beans ◽  
Enterprise Java

This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, the authors suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. The level of support is analyzed for the American National Standard Institute’s (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. The results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.

Access Control in Mobile and Ubiquitous Environments

2010 ◽  
pp. 1481-1497
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
New Techniques ◽  
Role Based ◽  
Resource Constrained Devices

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

Use of Purpose and Role Based Access Control Mechanisms to Protect Data Within RDBMS

2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar
Keyword(s):  
Access Control ◽  
Privacy Preservation ◽  
Original Data ◽  
Sensitive Information ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Sensitive Data ◽  
Access To Resources ◽  
Key Factor ◽  
Role Based

Privacy is the key factor to handle personal and sensitive data, which in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms such as discretionary access control, mandatory access control is used in DBMS. However, they hardly consider purpose and role-based access control in DBMS, which incorporates policy specification and enforcement. The role based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose based access control (PuBAC) regulates the access to resources based on purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

Access Control in Mobile and Ubiquitous Environments

2011 ◽  
pp. 278-294 ◽  
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
Access Control Policy ◽  
New Techniques ◽  
Role Based

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resourceconstrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

Fast and Efficient Multiview Access Control Mechanism for Cloud Based Agriculture Storage Management System

2019 ◽  
Vol 9 (1) ◽  
pp. 33-49 ◽  
Author(s):  
Kuldeep Sambrekar ◽  
Vijay S. Rajpurohit
Keyword(s):  
Access Control ◽  
Management System ◽  
Data Access ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Gis Technology ◽  
Fine Grained ◽  
Storage Overhead ◽  
Role Based ◽  
And Storage

Agriculture and its related industries are the backbone of many countries' economic growth. To achieve an efficient agricultural management system, remote sensing forecasting and GIS technology are providing information to users/stakeholders of various agricultural application uses. This information is huge in size and is stored in the cloud computing storage environment. Minimizing data access and storage costs on such an environment is desired. For achieving fine-grained role-based access control mechanisms, researchers are now focusing on ensuring such roles are enforced correctly. Existing models, though they are using role-based access control at various levels, are facing challenges like high computation rates and storage overhead. Currently, existing systems are using XML and UML for role and user creation. To address these research challenges, this article presents a model Fast and Efficient Multi View Access Control (FEMVAC) using the Amazon S3 public cloud environment for agriculture. The model minimizes storage overhead by adopting a banarization method over UML/XML method. The experimental outcome shows that the FEMVAC method is efficient compared with existing models.

scholarly journals An Enhancement Role and Attribute Based Access Control Mechanism in Big Data

2018 ◽  
Vol 8 (5) ◽  
pp. 3187
Author(s):  
M Meneka ◽  
K. Meenakshisundaram
Keyword(s):  
Big Data ◽  
Access Control ◽  
Control Mechanism ◽  
Security Policies ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Computational Overhead ◽  
Access Control Mechanism ◽  
Attribute Based Access Control ◽  
Role Based

To be able to leverage big data to achieve enhanced strategic insight and make informed decision, an efficient access control mechanism is needed for ensuring end to end security of such information asset. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and Event Based Access Control (EBAC) are widely used access control mechanisms. The ABAC system is much more complex in terms of policy reviews, hence analyzing the policy and reviewing or changing user permission are quite complex task. RBAC system is labor intensive and time consuming to build a model instance and it lacks flexibility to efficiently adapt to changing user’s, objects and security policies. EBAC model considered only the events to allocate access controls. Yet these mechanisms have limitations and offer feature complimentary to each other. So in this paper, Event-Role-Attribute based fine grained Access Control mechanism is proposed, it provide a flexible boundary which effectively adapt to changing user’s, objects and security policies based on the event. The flexible boundary is achieved by using temporal and environment state of an event. It improves the big data security and overcomes the disadvantages of the ABAC and RBAC mechanisms. The experiments are conducted to prove the effectiveness of the proposed Event-Role-Attribute based Access Control mechanism over ABAC and RBAC in terms of computational overhead.

A Tool Supporting End-User Development of Access Control in Web Applications

2015 ◽  
Vol 25 (02) ◽  
pp. 307-331 ◽  
Author(s):  
Loredana Caruccio ◽  
Vincenzo Deufemia ◽  
Christopher D'Souza ◽  
Athula Ginige ◽  
Giuseppe Polese
Keyword(s):  
Access Control ◽  
Web Applications ◽  
User Study ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Complex Task ◽  
End User ◽  
Access Control Policies ◽  
Application Logic ◽  
Role Based

End-user development (EUD) is drawing an increasing attention due to the necessity of users to frequently extend and personalize their applications. In particular, EUD in the context of Web (EUDWeb) is focusing on technologies capable of supporting development tasks that the end-user feels more complex. However, although the specification and implementation of access control is perceived as a particularly complex task, little efforts have been made to support it within current EUDWeb environments. Thus, in this paper we propose an EUDWeb framework and tool for the specification and the generation of web applications embedding access control mechanisms. We extended a previous mockup-based EUDWeb approach, by introducing visual assistance mechanisms enabling the specification of role-based access control policies, and their integration within the application logic. The usability of the proposed framework has been evaluated by means of a user study, in which we have shown that a group of heterogeneous end-users could proficiently use the proposed framework to develop meaningful web applications, some of which including access control functionalities.

Sign in / Sign up

Export Citation Format

Share Document