A Comparative Analysis of Access Control Policy Modeling Approaches

2012 ◽  
Vol 3 (4) ◽  
pp. 65-83
Author(s):  
K. Shantha Kumari ◽  
T. Chithraleka

Access control policies (ACPs) characterize the high-level rules according to which the access control of a system is regulated. Generally they are defined separately from the functional requirements (FRs) of an application and added to the system as an afterthought, after it has been built. However, many problems have arisen during the integration of ACPs and FRs. Hence, over the past years, researchers have suggested modifying the design phase to include an earlier focus on access control issues through various modeling techniques. This paper reviews the important approaches in ACP modeling and makes a comparative analysis of the advantages and limitations of those techniques, especially in addressing complex ACPs. Based on the comparative analysis, this paper presents directions for further work needed in handling the intricate nature of today’s ACPs.

2020 ◽  
pp. 204-220
Author(s):  
Shalini Bhartiya ◽  
Deepti Mehrotra ◽  
Anup Girdhar

Health professionals need access to various dimensions of Electronic Health Records (EHR). Depending on technical constraints, each organization defines its own access control schema, exhibiting heterogeneity in organizational rules and policies. Achieving interoperability between such schemas often results in contradictory rules, thereby exposing data to undue disclosures. Permitting interoperable sharing of EHRs while simultaneously restricting unauthorized access is the major objective of this paper. An Extensible Access Control Markup Language (XACML)-based framework, Hierarchy Similarity Analyser (HSA), is proposed which fine-grains the access control policies of disparate healthcare organizations to achieve interoperable and secured sharing of EHR under set authorizations. The proposed framework is implemented and verified using the automated Access Control Policy Testing (ACPT) tool developed by NIST. Experimental results show that users receive secured and restricted access as per their authorizations and role hierarchy in the organization.


2015 ◽  
Vol 20 ◽  
pp. 61-73 ◽  
Author(s):  
Safaà Hachana ◽  
Nora Cuppens-Boulahia ◽  
Frédéric Cuppens

2012 ◽  
Vol 263-266 ◽  
pp. 3064-3067 ◽  
Author(s):  
Jian Zhang ◽  
Jin Yao ◽  
Kun Huang

How to achieve secure access control across multiple domains is a hot research topic in the information security field. The access control policy for a confidential information system is different from that for an ordinary commercial information system, because the former is concerned with the confidentiality of the data and the latter with its integrity. This paper focuses on the access control policies for confidential information systems, in both single-domain and multi-domain environments, and presents two useful access control policies for multi-domain environments.


Internet of Things (IoT) devices under cloud assistance are deployed in different distributed environments. They collect sensed data and outsource the data to remote servers and users for sharing. As IoT is used in important fields like healthcare, business and research, the sensed data are sensitive information which needs to be protected. Encryption is the usual technique to protect data from adversaries. Fine-grained access control is essential for a social network involving heterogeneous devices. The existing access control policies were defined for predefined identities and roles, which need to be changed in dynamic situations. Moreover, all the necessary policies cannot be defined in advance, and new policies are demanded for new situational contexts. To solve these issues, this work designs a model which calculates the final trust value dynamically, based on semantic information, by referring to an ontology. An access control policy is also designed on the semantic role of the device. Semantic technology is used for high-level reasoning about the context situation.


10.29007/q916 ◽  
2018 ◽  
Author(s):  
Faouzi Jaidi ◽  
Faten Labbene Ayachi ◽  
Adel Bouhoula

Nowadays, access control is becoming increasingly important for open, ubiquitous and critical systems. Nonetheless, efficient Administration, Management, Safety analysis and Risk assessment (AMSR) are recognized as fundamental and crucial challenges in today's access control infrastructures. In an untrustworthy environment, the administration of an access control policy, which is a main security aspect, generally raises a critical analysis problem when the administration is distributed and/or potentially untrusted users contribute to this process. Consequently, collusion attempts and inner threats may take place to generate crucial and invisible breaches to circumvent the policy. To address this issue, we introduce a rigorous and comprehensive solution for an efficient and secure management of access control policies. Our proposal gives a high visibility on the development process of an access control policy and allows in an elegant manner to detect, analyze and assess the risk associated to the policy defects. The strength of our proposal is that it relies on logic-like formalisms to ensure a high surety by verifying the correctness and the completeness of our formal reasoning. We rely on an example to illustrate the relevance of the proposal.


2013 ◽  
Vol 791-793 ◽  
pp. 1790-1793
Author(s):  
Jing Mei Li ◽  
Bao Quan Zhang ◽  
Yan Xia Wu

Role-based access control policy has been widely applied to the design of various access control systems. In order to improve the flexibility of authorization check design and the convenience of management, this paper uses the principle of dynamic proxy design to optimize this process, and also provides a Spring AOP-based method of transaction management for program running. The proposed role-create method can configure users' authority flexibly. The improved design concept can achieve the basic requirements of role-based access control policies, and improve, to the maximum extent, the efficiency of project development and the security of the application system.


2009 ◽  
Vol 16-19 ◽  
pp. 703-707
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu ◽  
Hong Xiang

Based on previous works, this paper proposes an extended access control model for PDM systems. In this model, complex access control policies are expressed and enforced to ensure the security of user role assignment, delegation and revocation in a PDM system. To reduce the system administrator’s work, the model provides an auto revocation mechanism which can be triggered by time, access control policies and user states. This paper also proposes an implementation system architecture, an auto revocation algorithm and some examples to show how this access control model, which supports complex policies, works in a PDM system.


2012 ◽  
Vol 195-196 ◽  
pp. 126-131
Author(s):  
Yan Ming Cao ◽  
Li Pan

Since the original CIM-SPL policy language does not support access control policy, CIM-SPL is extended with the RBAC model in this paper. A new CIM-SPL based RBAC policy language is then designed and implemented. The syntax specification of the new policy language complies with the original CIM-SPL, so it is quite suitable for describing access control policies for information systems specified by CIM. The implementation framework of the new access control policy language is based on the IETF PDP/PEP approach and is integrated in the Open Pegasus system, which is the most widely used open-source software of CIM implementation. Finally, a case study of a Health Information System is used to demonstrate the flexibility and applicability of the new access control policy language.

