
A new approach to ranking attributes in attribute based access control using decision fusion

Published: 01 January 2017

Abstract

Access control plays an important role in managing access to system resources. Almost all current attribute based access control (ABAC) models fail to meet all the operational needs of access decisions, although this will certainly play an important role in future access control models. We believe that meeting the operational needs of missions is necessary when ranking the attributes that exist in access control policies. In this paper we propose a new approach that helps to enhance ABAC. It adds a quantitative capability, which we name quantitative ABAC, and is based on decision fusion. We determine the attributes that play the most important role in enterprise access management. The experts then consider and prioritize the attributes to determine which are more important than others. In other words, we derive weights expressing the importance of access control attributes from the decision-makers' viewpoints, using ordered weighted averaging for the proposed prioritization. As a result of this research, permission may be granted if some highly ranked attributes among the N parameters have correct values. The case study shows that decision fusion can be useful in solving some challenges of risk adaptable access control models. This enables policy-makers to manage and control system resources more accurately and flexibly in integrated and complex systems. The results of this study could be useful in integrated environments such as C4I systems.
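The fusion step the abstract describes can be sketched as follows. This is an added example, not the paper's code or procedure: it uses the standard ordered weighted averaging (OWA) operator with quantifier-derived weights, and the attribute names, expert ratings, `alpha` and the permit threshold are all constructed assumptions.

```python
# Added illustration: OWA-based attribute ranking and a threshold access decision.
# Expert ratings, alpha and the threshold are constructed values, not the paper's data.

def quantifier_weights(n, alpha):
    """OWA weights from the quantifier Q(r) = r**alpha (alpha > 1 leans toward the lowest ratings)."""
    return [(i / n) ** alpha - ((i - 1) / n) ** alpha for i in range(1, n + 1)]

def owa(values, weights):
    """Ordered weighted average: weights apply to positions after sorting descending."""
    if len(values) != len(weights):
        raise ValueError("need one weight per value")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("OWA weights must sum to 1")
    return sum(w * v for w, v in zip(weights, sorted(values, reverse=True)))

# Constructed importance ratings (0..1) from three hypothetical decision-makers.
EXPERT_RATINGS = {
    "clearance":   [0.9, 0.8, 1.0],
    "role":        [0.7, 0.6, 0.8],
    "location":    [0.4, 0.5, 0.3],
    "time_of_day": [0.2, 0.3, 0.1],
}

def rank_attributes(ratings, alpha=2.0):
    """Fuse each attribute's ratings with OWA, normalise to sum 1, return highest first."""
    fused = {a: owa(r, quantifier_weights(len(r), alpha)) for a, r in ratings.items()}
    total = sum(fused.values())
    return dict(sorted(((a, s / total) for a, s in fused.items()), key=lambda kv: -kv[1]))

def decide(matched, importance, threshold=0.7):
    """Permit when the importance of attributes holding correct values reaches the threshold (assumed rule)."""
    unknown = set(matched) - set(importance)
    if unknown:
        raise ValueError(f"unranked attributes: {sorted(unknown)}")
    score = sum(importance[a] for a in matched)
    return ("Permit" if score >= threshold else "Deny"), round(score, 4)

if __name__ == "__main__":
    imp = rank_attributes(EXPERT_RATINGS)
    print(imp)
    print(decide({"clearance", "role"}, imp))
    print(decide({"role", "location", "time_of_day"}, imp))
```

With these constructed ratings the two highest-ranked attributes alone clear the threshold, while the three lowest-ranked together do not. Setting the threshold above the combined weight of the low-ranked attributes keeps a partial match on weak attributes from granting access.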



Published In

Neural Computing and Applications  Volume 28, Issue 1
January 2017
1453 pages
ISSN:0941-0643
EISSN:1433-3058

Publisher

Springer-Verlag

Berlin, Heidelberg


Author Tags

  1. Decision-makers
  2. Quantitative attribute based access control (Q-ABAC)
  3. Ranking

Qualifiers

  • Article
