Enterprise Access Control Policy Engineering Framework

Author(s):  
Arjmand Samuel

This chapter outlines the overall access control policy engineering framework in general and discusses the subject of validation of access control mechanisms in particular. Requirements of an access control policy language are introduced and their underlying organizational philosophy is discussed. Next, a number of access control models are discussed and a brief outline of various policy verification approaches is presented. A methodology for validation of access control implementations is presented along with two approaches for test suite generation, that is, complete FSM-based and heuristics-based. This chapter is aimed at providing an overview of the access control policy engineering activity and an in-depth view of one approach to devise test cases for an access control implementation mechanism.

Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti

Access control is the process of granting permissions in accordance with an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environments, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.


2020 ◽  
Vol 62 (3) ◽  
pp. 1143-1159
Author(s):  
Qin Liu ◽  
Tinghuai Ma ◽  
Fan Xing ◽  
Yuan Tian ◽  
Alia Alabdulkarim ◽  
...  
