Supporting Complex Access Control Policy in PDM System

2009 ◽  
Vol 16-19 ◽  
pp. 703-707
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu ◽  
Hong Xiang
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Control Model ◽  
Access Control Policy ◽  
Access Control Model ◽  
Control Policies ◽  
Role Assignment ◽  
Access Control Policies ◽  
Extended Access ◽  
Model Complex

Based on previous works, this paper proposed an extended access control model for PDM system. In this model, complex access control policies are expressed and enforced to ensure the security of user role assignment, delegation and revocation of PDM system. To reduce system administrator’s work, the model provides an auto revocation mechanism which can be triggered by time, access control policies and user states. This paper also propose an implementation system architecture, an auto revocation algorithm and some examples to show how this complex policy supported access control model works in PDM system.

scholarly journals Eksplorasi ABAC dan XACML untuk Design Access Control pada Resource Digital

2019 ◽  
Vol 6 (5) ◽  
pp. 535
Author(s):  
Fauzan Natsir ◽  
Imam Riadi ◽  
Yudi Prayudi
Keyword(s):  
Access Control ◽  
System Analysis ◽  
Policy Design ◽  
Control Policy ◽  
Control Model ◽  
Policy Statement ◽  
Access Control Policy ◽  
Access Control Model ◽  
Digital Resources ◽  
Attribute Based Access Control

<p class="Abstrak"><em>Resource digital </em>memerlukan sebuah mekanisme untuk mengatur<em> policy </em>terhadap kontrol untuk mendapatkan hak<em> </em>akes ke dalam suatu sistem. Akses kontrol lebih fleksibel dibanding dengan pendekatan otorisasi, autentikasi ataupun verifikasi yang sangat sederhana. Mekanisme <em>access control policy</em> dengan pendekatan atribut diyakini sebagai solusi adaptif yaitu ABAC (<em>Attribute Based Access Control</em>) dengan implementasi model XACML (<em>Extensible Access Control Modelling Language</em>). Desain <em>policy</em> ABAC ini disajikan dengan atribut-atribut dari salah satu studi kasus <em>resource digital</em> dengan sistem <em>e-Library</em>. <em>e-Library</em> merupakan salah satu resource digital dimana proses autentikasinya belum dimodelkan dengan atrubut subjek yang ada. Penelitian ini diawali dari identifikasi atribut dari <em>rule</em>, pemodelan ABAC<em> resource digital</em>, implementasi XACML, simulasi sistem dan analisis sistem. Hasil dari<em> </em>pengujian akses kontrol menggunakan <em>ALFA (Axiomatics Language for Authorization)</em> untuk pemberian kinerja akses kontrol terhadap <em>resource digital</em>. Hasil analisis dengan pendekatan ABAC dengan model XACML ini menyajikan suatu keamanan sistem dengan model akses kontrol berbasis atribut dari <em>policy statement</em> untuk menjadi solusi model akses kontrol yang dibuat sebelumnya dan mendukung model akses kontrol yang relevan untuk <em>resource digital</em></p><p class="Abstrak"><em><br /></em></p><p class="Abstrak"><strong><em>Abstract</em></strong></p><p class="Judul2"><em>Digital resources require a mechanism to regulate policy against controls to get access rights to a system. Access control is more flexible than the very simple approach of authorization, authentication or verification. The access control policy with the attribute approach is believed to be an adaptive solution, namely ABAC (Attribute Based Access Control) with the implementation of the XACML (Extensible Access Control Modeling Language) model. This ABAC policy design is presented with attributes from one of the digital resource case studies with the e-Library system. e-Library is one of the digital resources where the authentication process has not been modeled with the existing subject matter. This study begins with the identification of the attributes of the rule, digital ABAC resource modeling, XACML implementation, system simulation and system analysis. The results of testing access control using ALFA (Axiomatics Language for Authorization) to provide performance control access to digital resources. The results of the analysis using the ABAC approach with the XACML model present a system security with attribute-based access control models from policy statements to be a solution to the previously created access control model and support the access control model relevant for digital resources</em><em></em></p><p class="Abstrak"><strong><em><br /></em></strong></p>

Research on Access Control Policy for Confidential Information System

2012 ◽  
Vol 263-266 ◽  
pp. 3064-3067 ◽  
Author(s):  
Jian Zhang ◽  
Jin Yao ◽  
Kun Huang
Keyword(s):  
Information System ◽  
Access Control ◽  
Control Policy ◽  
Research Topic ◽  
Access Control Policy ◽  
Confidential Information ◽  
Control Policies ◽  
Secure Access ◽  
Access Control Policies ◽  
Secure Access Control

How to achieve secure access control in multi-domain is a hot research topic in the information security field. The access control policy for confidential information system is different from that for ordinary commercial information system, because the former concerns about the confidentiality of the data and the latter concerns about the integrity. Emphatically discusses the access control policies for confidential information system, including single-domain and multi-domain environment, and presents two useful access control policies for multi-domain.

A Policy Based Access Control Model of PDM System

2009 ◽  
Vol 626-627 ◽  
pp. 735-740
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu
Keyword(s):  
Access Control ◽  
System Architecture ◽  
Control Policy ◽  
System Security ◽  
Control Model ◽  
Access Control Policy ◽  
Access Control Model

In PDM system, there exist many users, such as employees, partners, and customers. To protect resource from illegal access, it is very important to enforce access control policy in PDM system. RBAC is widely used as an access control model in PDM system. But, it is difficult for RBAC to support complex access control policy. This paper proposed a simple, flexible way to express and enforce access control policy. To keep the integrity of system security and make the system administer work easier, we propose auto revocation triggered by time and access control policy in our model. At the end of this paper introduces a system architecture and auto revocation algorithm. We also give some examples to show how this model works in PDM system.

Optimistic Access Control for Collaborative Applications

2016 ◽  
pp. 125-158
Author(s):  
Asma Cherif ◽  
Abdessamad Imine
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Control Model ◽  
Full Potential ◽  
Access Control Policy ◽  
Access Control Model ◽  
Final State ◽  
Shared Data ◽  
Collaborative Applications ◽  
Access Rights

Collaborative applications are important applications, allowing users to cooperate in order to perform a given task. Their importance has grown significantly over the recent years since they are required in many fields. However, they still lack of an appropriate access control mechanism which limits their full potential. It is hard to conceive an access control model for collaborative applications since they need to change dynamically access rights while maintaining high local responsiveness. This chapter presents a decentralized access control model based on replicating the shared document and its access control policy at each collaborating site. The interaction between document updates and authorizations updates is carefully studied to maintain the convergence of the shared data. Our model relies on an optimistic approach to enforce the access control, i.e. users may temporarily violate the access control policy if their rights were revoked concurrently. Illegal operations are undone selectively to eliminate their effects and converge to the same final state of the shared object.

scholarly journals MUTATION TESTING OF ACCESS CONTROL POLICIES

2021 ◽  
Vol 5 (1) ◽  
pp. 118-122
Author(s):  
Galina Cherneva ◽  
Pavlо Khalimov
Keyword(s):  
Access Control ◽  
Computer Security ◽  
Large Degree ◽  
Control Model ◽  
Security Requirements ◽  
Direct Access ◽  
Access Control Model ◽  
Control Policies ◽  
Modern Computer ◽  
Access Control Policies

One of the most important and integral components of modern computer security are access control systems. The objective of an access control system (ACS) is often described in terms of protecting system resources against inappropriate or unwanted user access. However, a large degree of sharing can interfere with the protection of resources, so a sufficiently detailed AC policy should allow selective exchange of information when, in its absence, sharing can be considered too risky in general. Erroneous configurations, faulty policies, as well as flaws in the implementation of software can lead to global insecurity. Identifying the differences between policy specifications and their intended functions is crucial because the correct implementation and enforcement of the policies of a particular application is based on the premise that the specifications of this policy are correct. As a result of the policy, the specifications presented by the models must undergo rigorous validation and legalization through systematic checks and tests to ensure that the specifications of the policies really correspond to the wishes of the creators. Verifying that access control policies and models are consistent is not a trivial and critical task. And one of the important aspects of such a check is a formal check for inconsistency and incompleteness of the model, and the security requirements of the policy, because the access control model and its implementation do not necessarily express policies that can also be hidden, embedded by mixing with direct access restrictions or another access control model.

scholarly journals A Comprehensive Formal Solution for Access Control Policies Management: Defect Detection, Analysis and Risk Assessment

10.29007/q916 ◽  
2018 ◽  
Author(s):  
Faouzi Jaidi ◽  
Faten Labbene Ayachi ◽  
Adel Bouhoula
Keyword(s):  
Risk Assessment ◽  
Access Control ◽  
Development Process ◽  
Formal Solution ◽  
Control Policy ◽  
Formal Reasoning ◽  
Access Control Policy ◽  
Control Policies ◽  
Detection Analysis ◽  
Access Control Policies

Nowadays, the access control is becoming increasingly important for open, ubiquitous and criti- cal systems. Nonetheless, efficient Administration, Management, Safety analysis and Risk assessment (AMSR) are recognized as fundamental and crucial challenges in todays access control infrastructures. In untrustworthy environment, the administration of an access control policy, which is a main secu- rity aspect, generally raises a critical analysis problem when the administration is distributed and/or potentially un-trusted users contribute to this process. Consequently, collusions attempts and inner threats may take place to generate crucial and invisible breaches to circumvent the policy. To address this issue, we introduce a rigorous and comprehensive solution for an efficient and secure management of access control policies. Our proposal gives a high visibility on the development process of an access control policy and allows in an elegant manner to detect, analyze and assess the risk associated to the policy defects. The strength of our proposal is that it relies on logic-like formalisms to ensure a high surety by verifying the correctness and the completeness of our formal reasoning. We rely on an example to illustrate the relevance of the proposal.

An Access Control Model for XML Repositories

2013 ◽  
Vol 397-400 ◽  
pp. 2360-2366
Author(s):  
Hao Zhong
Keyword(s):  
Access Control ◽  
Relational Databases ◽  
Control Mechanism ◽  
Control Policy ◽  
Control Model ◽  
Coarse Grained ◽  
Access Control Policy ◽  
Access Control Model ◽  
Xml Documents ◽  
Access Control Mechanism

The XML documents are nested and semi-structured, but the traditional access control mechanism is coarse-grained and not applicable. We proposed an XML access control model (XACM) for XML repository. The XACM provides a fine granular definition for XML authorizations, which is based on the self-description characteristic of XML. We also discuss how to use the XACM to automatically preserve the access control policy, when relational databases are published as XML documents. Finally, we present the implementation of the XACM in an actual XML publisher system. Comparing with existing related works, the XACM is more flexible, efficient and less overheads.

A Role-Performance Strategy of State Grid Unified Application Platform

2014 ◽  
Vol 701-702 ◽  
pp. 189-193
Author(s):  
Wei Wei Li ◽  
Chen Wang ◽  
Cheng Zhou ◽  
Jian Shi
Keyword(s):  
Access Control ◽  
Scale Up ◽  
Control Policy ◽  
Control Model ◽  
Role Performance ◽  
Access Control Policy ◽  
Access Control Model ◽  
Power Enterprise ◽  
Long Time ◽  
And Control

Based on the State Grid Unified Application Platform as the carrier, this paper proposed an extensible access control policy. For a long time, the combination of electric power enterprise internal environment and traditional access control are very inadequate. The traditional access control model on the current unified platform access and control permissions interaction problems is almost blank. Therefore, this paper puts forward an improved access control model. The model has solves some key problems of access control in State Grid Unified Application Platform , such as specific role division, interaction between roles, permissions delivery, senior role inherited permissions unlimited scale-up, and permissions linkage.

scholarly journals A Watermark-Based in-Situ Access Control Model for Image Big Data

2018 ◽  
Vol 10 (8) ◽  
pp. 69 ◽  
Author(s):  
Jinyi Guo ◽  
Wei Ren ◽  
Yi Ren ◽  
Tianqin Zhu
Keyword(s):  
Big Data ◽  
Access Control ◽  
Control Model ◽  
Single Image ◽  
Access Control Model ◽  
Control Policies ◽  
Fine Grained ◽  
Access Control Policies ◽  
Proposed Model

When large images are used for big data analysis, they impose new challenges in protecting image privacy. For example, a geographic image may consist of several sensitive areas or layers. When it is uploaded into servers, the image will be accessed by diverse subjects. Traditional access control methods regulate access privileges to a single image, and their access control strategies are stored in servers, which imposes two shortcomings: (1) fine-grained access control is not guaranteed for areas/layers in a single image that need to maintain secret for different roles; and (2) access control policies that are stored in servers suffers from multiple attacks (e.g., transferring attacks). In this paper, we propose a novel watermark-based access control model in which access control policies are associated with objects being accessed (called an in-situ model). The proposed model integrates access control policies as watermarks within images, without relying on the availability of servers or connecting networks. The access control for images is still maintained even though images are redistributed again to further subjects. Therefore, access control policies can be delivered together with the big data of images. Moreover, we propose a hierarchical key-role-area model for fine-grained encryption, especially for large size images such as geographic maps. The extensive analysis justifies the security and performance of the proposed model

scholarly journals KONSEP ATTRIBUTE BASED ACCESS CONTROL (ABAC) PADA LEMARI PENYIMPANAN BUKTI DIGITAL (LPBD)

2018 ◽  
Vol 11 (1) ◽  
pp. 85-94
Author(s):  
Moh Fadly Panende ◽  
Imam Riadi ◽  
Yudi Prayudi
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Control Model ◽  
Digital Evidence ◽  
Access Control Policy ◽  
Access Control Model ◽  
Control Approach ◽  
Policy Model ◽  
Attribute Based Access Control ◽  
Good Access

Abstract An important factor of the investigation into cybercrime cases is the case relating to the evidence found. Electronic evidence and digital evidence found in criminal cases should be maintained from the outset, to be held accountable for justice. Sistem digital evidence storage cabinets (LPBD) is one solution to overcome the management of digital evidence is based on digital evidence cabinet (DEC), only the system is not equipped with a good access control model. The LPBD system needs to be built not only on the issue of digital evidence management, but other important components in the digital proof storage cabinet itself, access arrangements, so that the scheme or the design of access control policies on LPBD is very important. The access controls used on previous LPBDs are only done by authentication mechanisms and User authorization mechanisms, no other more complex parameters to support requests made on LPBD systems. In the absence of a good access control model design scheme for LPBD, it is necessary to design an access control policy model using the attribute-based access control approach (ABAC) because ABAC is a more flexible access control model in the application of attributes to users , and the. XACML hierarchy can support control requirements access used in digital evidence storage cabinets (LPBD).  ABSTRAK Faktor penting dalam proses investigasi sebuah kasus cybercrime yaitu hal yang terkait dengan barang bukti yang ditemukan. Bukti elektronik maupun bukti digital yang ditemukan dalam sebuah kasus kejahatan harus tetap terjaga keasliannya, untuk dapat dipertanggung jawabkan dipengadilan. Sistem lemari penyimpanan bukti digital (LPBD) menjadi salah satu solusi untuk permasalahan manajemen bukti digital ini yang berdasar pada digital evidence cabinet (DEC), hanya saja sistem tersebut belum dilengkapi dengan model access control yang baik. Sistem LPBD seharusnya dibuat tidak hanya berdasar pada permasalahan-permasalahan tentang manajemen bukti digital saja, akan tetapi komponen-komponen penting lainnya dalam lemari penyimpanan bukti digital itu sendiri yaitu pengaturan aksesnya, sehingga skema atau desain access control policy terhadap LPBD menjadi sangat penting. Access control yang gunakan terhadap LPBD sebelumnya dibuat hanya dengan mekanisme authefikasi dan authorisasi user saja, tidak adanya parameter lain yang lebih kompleks untuk mendukung  sebuah request yang dilakukan pada sistem LPBD. Mengingat belum adanya skema rancangan model access control yang baik pada LPBD ini, maka perlu dilakukan perancangan model access control policy menggunakan pendekatan attribute based access control (ABAC) karena ABAC merupakan model access control yang lebih fleksibel dalam penerapan attribute terhadap user, dan hierarchy XACML yang dapat mendukung kebutuhan-kebutuhan access control yang digunakan pada lemari penyimpanan bukti digital (LPBD).How To Cite : Panende, M.F, Prayudi, Y. Riadi, I. (2018). KONSEP ATTRIBUTE BASED ACCESS CONTROL (ABAC) PADA LEMARI PENYIMPANAN BUKTI DIGITAL (LPBD). Jurnal Teknik Informatika, 11(1), 85-94.  doi 10.15408/jti.v11i1.7220 Permalink/DOI: http://dx.doi.org/10.15408/jti.v11i1.7220 

Sign in / Sign up

Export Citation Format

Share Document