首页 | 本学科首页   官方微博 | 高级检索  
     


Association-Based Active Access Control models with balanced scalability and flexibility
Authors:Zhi-nian Zhai  Ya-hui Lu  Ping-Jian Zhang  Zhi-hao Chen
Affiliation:1. School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou, China;2. School of Computer and Software, Shenzhen University, Shenzhen, China;3. School of Computer Science and Engineering, South China University of Technology, Guangzhou, China;4. Center for Software Engineering, University of Southern California, Los Angeles, United States
Abstract:In existing Active Access Control (AAC) models, the scalability and flexibility of security policy specification should be well balanced, especially: (1) authorizations to plenty of tasks should be simplified; (2) team workflows should be enabled; (3) fine-grained constraints should be enforced. To address this issue, a family of Association-Based Active Access Control (ABAAC) models is proposed. In the minimal model ABAAC0, users are assigned to roles while permissions are assigned to task-role associations. In a workflow case, to execute such an association some users assigned to its component role will be allocated. The association's assigned permissions can be performed by them during the task is running in the case. In ABAAC1, a generalized association is employed to extract common authorizations from multiple associations. In ABAAC2, a fine-grained separation of duty (SoD) is enforced among associations. In the maximal model ABAAC3, all these features are integrated, and similar constraints can be specified more concisely. Using a software workflow, case validation is performed. Comparison with a representative association based AAC model and the most scalable AAC model so far indicates that: (1) enough scalability is achieved; (2) without decomposition of a task, different permissions can be authorized to multiple roles in it; (3) separation of more fine-grained duties than roles and tasks can be enforced.
Keywords:Access control  Workflow  Task  Role  Scalability  Flexibility
本文献已被 ScienceDirect 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号