Use of Purpose and Role Based Access Control Mechanisms to Protect Data Within RDBMS

2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar
Keyword(s):  
Access Control ◽  
Privacy Preservation ◽  
Original Data ◽  
Sensitive Information ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Sensitive Data ◽  
Access To Resources ◽  
Key Factor ◽  
Role Based

Privacy is the key factor to handle personal and sensitive data, which in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms such as discretionary access control, mandatory access control is used in DBMS. However, they hardly consider purpose and role-based access control in DBMS, which incorporates policy specification and enforcement. The role based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose based access control (PuBAC) regulates the access to resources based on purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.

Access Control in Mobile and Ubiquitous Environments

2010 ◽  
pp. 1481-1497
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
New Techniques ◽  
Role Based ◽  
Resource Constrained Devices

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

Privacy Preservation in Role-based Access Control Model

2011 ◽  
Vol 6 (8) ◽  
Author(s):  
Zuo Chen ◽  
Qiuwei Yang ◽  
Xin Wan ◽  
Yuanyan Tu ◽  
Fei Yu ◽  
...  
Keyword(s):  
Access Control ◽  
Privacy Preservation ◽  
Control Model ◽  
Role Based Access Control ◽  
Access Control Model ◽  
Role Based

Analysis of Healthcare Workflows in Accordance with Access Control Policies

2016 ◽  
Vol 11 (1) ◽  
pp. 1-20 ◽  
Author(s):  
Sandeep Lakaraju ◽  
Dianxiang Xu ◽  
Yong Wang
Keyword(s):  
Access Control ◽  
Sensitive Information ◽  
Control Mechanisms ◽  
Healthcare Organizations ◽  
Sensitive Data ◽  
Healthcare Information ◽  
Control Policies ◽  
Crucial Element ◽  
Access Control Policies ◽  
Context Element

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, leading ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering or do not know how to accommodate the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered as a crucial element. They can accommodate context through a new element ‘environment' in workflows, and can accommodate context in policies through well-known attribute based access control mechanism (ABAC). This research mainly addresses these problems by proposing a model to integrate workflows and access control policies and thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and environment) elements.

scholarly journals Ethical Access Control in the Era of Data Breaches

2019 ◽  
Author(s):  
A. S. M. Kayes ◽  
Mohammad Jabed Morshed Chowdhury ◽  
Fatma Mohammed ◽  
Alex Ng ◽  
Paul Watters ◽  
...  
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Role Based Access Control ◽  
Sensitive Data ◽  
Data Breaches ◽  
The Social ◽  
Social Media Platforms ◽  
Decision Making Processes ◽  
Role Based ◽  
Future Policy

The worldwide interconnected objects, called Internet of Things (IoTs), have been increasingly growing in the last several years. Different social media platforms and devices are continuously generating data about individuals and facilitate the technological and the social convergence of their Internet-based data and services with globalized users. These social and device-related IoTs create rooms for data breaches as such platforms provide ability to collect private and sensitive data. We assert that data breaches are fundamentally failures of access control - most users are too busy or technically ill-equipped to understand access control policy expressions and decisions. We argue that this is symptomatic of globalised societies structured by the conditions of algorithmic modernity; an era in which our data is increasingly interdependent on, and enmeshed with, ever more complex systems and processes that are vulnerable to attack. Ethically managing data breaches is now too complex for current access control systems, such as Role-Based Access Control (RBAC) and Context-Aware Access Control (CAAC). These systems do not provide an explicit mechanism to engage in decision making processes, about who should have access to what data and when, that are involved in data breaches. We argue that a policy ontology will contribute towards the development of Ethical CAAC better suited to attributing accountability for data breaches in the context of algorithmic modernity. We interrogate our proposed Ethical CAAC as a theoretical construct with implications for future policy ontology models and data breach countermeasures. An experimental study on the performance of the proposed framework is carried out with respect to a more generic CAAC framework.

Access Control in Mobile and Ubiquitous Environments

2011 ◽  
pp. 278-294 ◽  
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
Access Control Policy ◽  
New Techniques ◽  
Role Based

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resourceconstrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

Fast and Efficient Multiview Access Control Mechanism for Cloud Based Agriculture Storage Management System

2019 ◽  
Vol 9 (1) ◽  
pp. 33-49 ◽  
Author(s):  
Kuldeep Sambrekar ◽  
Vijay S. Rajpurohit
Keyword(s):  
Access Control ◽  
Management System ◽  
Data Access ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Gis Technology ◽  
Fine Grained ◽  
Storage Overhead ◽  
Role Based ◽  
And Storage

Agriculture and its related industries are the backbone of many countries' economic growth. To achieve an efficient agricultural management system, remote sensing forecasting and GIS technology are providing information to users/stakeholders of various agricultural application uses. This information is huge in size and is stored in the cloud computing storage environment. Minimizing data access and storage costs on such an environment is desired. For achieving fine-grained role-based access control mechanisms, researchers are now focusing on ensuring such roles are enforced correctly. Existing models, though they are using role-based access control at various levels, are facing challenges like high computation rates and storage overhead. Currently, existing systems are using XML and UML for role and user creation. To address these research challenges, this article presents a model Fast and Efficient Multi View Access Control (FEMVAC) using the Amazon S3 public cloud environment for agriculture. The model minimizes storage overhead by adopting a banarization method over UML/XML method. The experimental outcome shows that the FEMVAC method is efficient compared with existing models.

scholarly journals An Enhancement Role and Attribute Based Access Control Mechanism in Big Data

2018 ◽  
Vol 8 (5) ◽  
pp. 3187
Author(s):  
M Meneka ◽  
K. Meenakshisundaram
Keyword(s):  
Big Data ◽  
Access Control ◽  
Control Mechanism ◽  
Security Policies ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Computational Overhead ◽  
Access Control Mechanism ◽  
Attribute Based Access Control ◽  
Role Based

To be able to leverage big data to achieve enhanced strategic insight and make informed decision, an efficient access control mechanism is needed for ensuring end to end security of such information asset. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and Event Based Access Control (EBAC) are widely used access control mechanisms. The ABAC system is much more complex in terms of policy reviews, hence analyzing the policy and reviewing or changing user permission are quite complex task. RBAC system is labor intensive and time consuming to build a model instance and it lacks flexibility to efficiently adapt to changing user’s, objects and security policies. EBAC model considered only the events to allocate access controls. Yet these mechanisms have limitations and offer feature complimentary to each other. So in this paper, Event-Role-Attribute based fine grained Access Control mechanism is proposed, it provide a flexible boundary which effectively adapt to changing user’s, objects and security policies based on the event. The flexible boundary is achieved by using temporal and environment state of an event. It improves the big data security and overcomes the disadvantages of the ABAC and RBAC mechanisms. The experiments are conducted to prove the effectiveness of the proposed Event-Role-Attribute based Access Control mechanism over ABAC and RBAC in terms of computational overhead.

scholarly journals Role-Based Access control mechanisms

2014 ◽  
Author(s):  
Oscar Mortagua Pereira ◽  
Diogo Domingues Regateiro ◽  
Rui L. Aguiar
Keyword(s):  
Access Control ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Role Based

A Spatio-Situation-Based Access Control Model for Dynamic Permission on Mobile Applications

2017 ◽  
pp. 142-165
Author(s):  
Xian Shao ◽  
Steven A. Demurjian ◽  
Thomas P. Agresta
Keyword(s):  
Access Control ◽  
Mobile Applications ◽  
Control Model ◽  
Patient Data ◽  
Role Based Access Control ◽  
Sensitive Data ◽  
Access Control Model ◽  
Data Repositories ◽  
Role Based ◽  
Dynamic Authorization

As users are now able to take their mobile devices from location to location, there has been a transition from a static program running on a PC/laptop to a dynamic application that can adapt based on a variety of conditions and criteria. This highlights an emerging need to support dynamic permissions of mobile applications as a user moves from location to location based and perform different actions in particular situation. This chapter presents a Spatio-Situation-Based Access Control model that extends role-based access control to secure sensitive data for mobile applications with the ability to make dynamic authorization decisions according to the time/location and the particular situation being encountered by a user. To demonstrate the feasibility of the work, a realistic healthcare scenario examines the complex workflow of treating a patient by a physician utilizing a mobile health (mHealth) app to access patient data, as she/he moves among multiple locations at different times throughout the day/week requiring access to different patient data repositories at different times.

Sign in / Sign up

Export Citation Format

Share Document