A Role-Performance Strategy of State Grid Unified Application Platform

2014 ◽  
Vol 701-702 ◽  
pp. 189-193
Author(s):  
Wei Wei Li ◽  
Chen Wang ◽  
Cheng Zhou ◽  
Jian Shi

Using the State Grid Unified Application Platform as the carrier, this paper proposes an extensible access control policy. For a long time, the combination of the internal environment of electric power enterprises and traditional access control has been very inadequate. The traditional access control model leaves the access and permission-interaction problems of the current unified platform almost unaddressed. Therefore, this paper puts forward an improved access control model. The model solves some key problems of access control in the State Grid Unified Application Platform, such as specific role division, interaction between roles, permissions delivery, unlimited scale-up of permissions inherited by senior roles, and permissions linkage.

2019 ◽  
Vol 6 (5) ◽  
pp. 535
Author(s):  
Fauzan Natsir ◽  
Imam Riadi ◽  
Yudi Prayudi

Digital resources require a mechanism to regulate policy on the controls for obtaining access rights to a system. Access control is more flexible than very simple authorization, authentication or verification approaches. An access control policy mechanism with an attribute approach is believed to be an adaptive solution, namely ABAC (Attribute Based Access Control) with the implementation of the XACML (Extensible Access Control Modeling Language) model. This ABAC policy design is presented with attributes from one digital resource case study, an e-Library system. The e-Library is a digital resource whose authentication process has not been modeled with the existing subject attributes. This study begins with the identification of the attributes of the rule, followed by ABAC modeling of the digital resource, XACML implementation, system simulation and system analysis. Access control was tested using ALFA (Axiomatics Language for Authorization) to give the access control performance for digital resources. The results of the analysis using the ABAC approach with the XACML model present system security with an attribute-based access control model built from policy statements, as a solution to the previously created access control model and in support of an access control model relevant to digital resources.


2009 ◽  
Vol 626-627 ◽  
pp. 735-740
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu

In a PDM system there are many users, such as employees, partners, and customers. To protect resources from illegal access, it is very important to enforce an access control policy in the PDM system. RBAC is widely used as an access control model in PDM systems, but it is difficult for RBAC to support complex access control policies. This paper proposes a simple, flexible way to express and enforce access control policy. To keep the integrity of system security and make the system administrator's work easier, we propose auto revocation triggered by time and access control policy in our model. The end of the paper introduces a system architecture and an auto revocation algorithm. We also give some examples to show how this model works in a PDM system.


Author(s):  
Asma Cherif ◽  
Abdessamad Imine

Collaborative applications are important applications, allowing users to cooperate in order to perform a given task. Their importance has grown significantly over recent years since they are required in many fields. However, they still lack an appropriate access control mechanism, which limits their full potential. It is hard to conceive an access control model for collaborative applications since they need to change access rights dynamically while maintaining high local responsiveness. This chapter presents a decentralized access control model based on replicating the shared document and its access control policy at each collaborating site. The interaction between document updates and authorization updates is carefully studied to maintain the convergence of the shared data. Our model relies on an optimistic approach to enforce the access control, i.e. users may temporarily violate the access control policy if their rights were revoked concurrently. Illegal operations are undone selectively to eliminate their effects and converge to the same final state of the shared object.


2013 ◽  
Vol 397-400 ◽  
pp. 2360-2366
Author(s):  
Hao Zhong

XML documents are nested and semi-structured, but the traditional access control mechanism is coarse-grained and not applicable. We propose an XML access control model (XACM) for XML repositories. The XACM provides a fine-grained definition for XML authorizations, which is based on the self-description characteristic of XML. We also discuss how to use the XACM to automatically preserve the access control policy when relational databases are published as XML documents. Finally, we present the implementation of the XACM in an actual XML publisher system. Compared with existing related work, the XACM is more flexible and efficient and has less overhead.


2009 ◽  
Vol 16-19 ◽  
pp. 703-707
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu ◽  
Hong Xiang

Based on previous work, this paper proposes an extended access control model for PDM systems. In this model, complex access control policies are expressed and enforced to ensure the security of user role assignment, delegation and revocation in a PDM system. To reduce the system administrator's work, the model provides an auto revocation mechanism which can be triggered by time, access control policies and user states. This paper also proposes an implementation system architecture, an auto revocation algorithm and some examples to show how this access control model, with its support for complex policies, works in a PDM system.


2018 ◽  
Vol 11 (1) ◽  
pp. 85-94
Author(s):  
Moh Fadly Panende ◽  
Imam Riadi ◽  
Yudi Prayudi

Abstract: An important factor in the investigation of a cybercrime case is the matter relating to the evidence found. Electronic evidence and digital evidence found in a criminal case must keep its authenticity so that it can be accounted for in court. The digital evidence storage cabinet (LPBD) system is one solution to the problem of digital evidence management, based on the digital evidence cabinet (DEC), but the system is not equipped with a good access control model. The LPBD system should be built not only around digital evidence management issues but also around the other important components of the digital evidence storage cabinet itself, namely its access arrangements, so the scheme or design of the access control policy for LPBD is very important. The access control used on previous LPBDs was implemented only with user authentication and authorization mechanisms, with no other more complex parameters to support requests made to the LPBD system. In the absence of a good access control model design scheme for LPBD, it is necessary to design an access control policy model using the attribute-based access control (ABAC) approach, because ABAC is a more flexible access control model in the application of attributes to users, and the XACML hierarchy can support the access control requirements of digital evidence storage cabinets (LPBD).

How To Cite: Panende, M.F, Prayudi, Y. Riadi, I. (2018). KONSEP ATTRIBUTE BASED ACCESS CONTROL (ABAC) PADA LEMARI PENYIMPANAN BUKTI DIGITAL (LPBD). Jurnal Teknik Informatika, 11(1), 85-94. doi 10.15408/jti.v11i1.7220 Permalink/DOI: http://dx.doi.org/10.15408/jti.v11i1.7220


Author(s):  
Zhixiong Zhang ◽  
Xinwen Zhang ◽  
Ravi Sandhu

This chapter addresses the problem that traditional role-based access control (RBAC) models do not scale up well for modeling security policies spanning multiple organizations. After reviewing recently proposed Role and Organization Based Access Control (ROBAC) models, an administrative ROBAC model called AROBAC07 is presented and formalized in this chapter. Two examples are used to motivate and demonstrate the usefulness of ROBAC. Comparisons between AROBAC07 and other administrative RBAC models are given. We show that ROBAC/AROBAC07 can significantly reduce administration complexity for applications involving a large number of organizational units. Finally, an application compartment-based delegation model is introduced, which provides a method to construct an administrative role hierarchy in AROBAC07. We show that the AROBAC07 model provides convenient ways to decentralize administrative tasks for ROBAC systems and scales up well for role-based systems involving a large number of organizational units.


2017 ◽  
Vol 8 (4) ◽  
pp. 29
Author(s):  
Dapeng Xiong ◽  
Liang Chen

Access control technology protects the cloud from being accessed illegally. However, traditional access control technology cannot meet the new features of the cloud environment. In order to address the deficiencies of current multi-domain access control in timeliness and flexibility, this paper puts forward a dynamic access control policy based on the task-driven idea. The new method combines the advantages of RBAC and the task-driven model, together with limit aging and real-time strategy synthesis. Comparative trials show that the new policy has an advantage in the flexibility and availability of the multi-domain access control model.


2019 ◽  
Vol 8 (4) ◽  
pp. 7267-7271

Access control and data confidentiality are key technologies to ensure the security of a system and to protect the privacy of its users. The modified Collaborative Trust Enhanced Security (CTES) model has an inbuilt access control mechanism for the Kerberos protocol itself to enforce the access control policy directly in the client system node. This paper explains the hybrid access control model with Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) for the modified CTES framework through the Kerberos protocol. Hence, it retains the concepts of "role", "group" and "attributes" for the user, which are necessary to protect data privacy in the system. Data confidentiality for the data stored in the cloud is achieved by cryptographic techniques. A Gnu Privacy Guard (GnuPG) based certificate is capable of verifying the identity of the correspondent in an information exchange as well as the information integrity. It is the strongest authentication technique, in which the user is asked to provide his/her digital ID for validation in the server, and it enables single sign-on services for Kerberos authorization in the modified CTES model. This paper proposes a new Kerberos Authorization with Hybrid Access Control Model (KAHAC) for single-domain systems and multi-domain systems in the public cloud based on roles, attributes, groups, access modes and the type of resources.


Author(s):  
Elisa Bertino ◽  
Anna C. Squicciarini ◽  
Lorenzo Martino ◽  
Federica Paci

This paper presents an innovative access control model, referred to as Web service Access Control Version 1 (Ws-AC1), specifically tailored to Web services. The most distinguishing features of this model are the flexible granularity in protection objects and negotiation capabilities. Under Ws-AC1, an authorization can be associated with a single service and can specify for which parameter values the service can be authorized for use, thus providing a fine access control granularity. Ws-AC1 also supports coarse granularities in protection objects in that it provides the notion of service class under which several services can be grouped. Authorizations can then be associated with a service class and automatically propagated to each element in the class. The negotiation capabilities of Ws-AC1 are related to the negotiation of identity attributes and the service parameters. Identity attributes refer to information that a party requesting a service may need to submit in order to obtain the service. The access control policy model of Ws-AC1 supports the specification of policies in which conditions are stated, specifying the identity attributes to be provided and constraints on their values. In addition, conditions may also be specified against context parameters, such as time. To enhance privacy and security, the actual submission of these identity attributes is executed through a negotiation process. Parameters may also be negotiated when a subject requires use of a service with certain parameter values that, however, are not authorized under the policies in place. In this paper, we provide the formal definitions underlying our model and the relevant algorithms, such as the access control algorithm. We also present an encoding of our model in the Web Services Description Language (WSDL) standard for which we develop an extension, required to support Ws-AC1.

