{"title":"An Attribute Based Access Control Model with POL Module for Dynamically Granting and Revoking Authorizations","authors":"Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang","volume":126,"journal":"International Journal of Computer and Information Engineering","pagesStart":758,"pagesEnd":765,"ISSN":"1307-6892","URL":"https:\/\/publications.waset.org\/pdf\/10007354","abstract":"Currently, resource sharing and system security are
\r\ncritical issues. This paper proposes a POL module composed of
\r\nPRIVILEGE attribute (PA), obligation and log which improves
\r\nattribute based access control (ABAC) model in dynamically granting
\r\nauthorizations and revoking authorizations. The following describes
\r\nthe new model termed PABAC in terms of the POL module
\r\nstructure, attribute definitions, policy formulation and authorization
\r\narchitecture, which demonstrate the advantages of it. The POL
\r\nmodule addresses the problems which are not predicted before and
\r\nnot described by access control policy. It can be one of the subject
\r\nattributes or resource attributes according to the practical application,
\r\nwhich enhances the flexibility of the model compared with ABAC.
\r\nA scenario that illustrates how this model is applied to the real world
\r\nis provided.","references":"[1] Garnaut P., Thompson J., \u201dReview of Data Integrity Models in\r\nMulti-Level Security Environments,\u201d Technical Report DSTO-TN-0971,\r\nDefence Science And Technology Organisation Edinburgh Command\r\nControl Communications And Intelligence Div, Australia, Feb. 2012.\r\n[2] Alexander P, Pike L, Loscocco P, et al., \u201dModel Checking Distributed\r\nMandatory Access Control Policies,\u201d J. Acm Transactions on Information\r\n& System Security, vol. 18, no. 6, pp. 1-25, Dec. 2015, doi:\r\n10.1145\/2785966.\r\n[3] Zamite J, Domingos D, Silva M J, et al., \u201dGroup-Based Discretionary\r\nAccess Control in Health Related Repositories,\u201d J. Journal of\r\nInformation Technology Research, vol. 7, no. 1, pp. 78-94, 2014, doi:\r\n10.4018\/jitr.2014010106.\r\n[4] Zhou L, Varadharajan V, Hitchens M, \u201dTrust Enhanced Cryptographic\r\nRole-Based Access Control for Secure Cloud Data Storage,\u201d J.\r\nInformation Forensics & Security IEEE Transactions on, vol. 10, no. 11,\r\npp. 2381-2395, 2015, doi: 10.1109\/TIFS.2015.2455952.\r\n[5] Yi Liu, Ke Xu, Junde Song, \u201dA Task-Attribute-Based Workflow Access\r\nControl Model,\u201d Proc. 2013 IEEE International Conference on Green\r\nComputing and Communications and IEEE Internet of Things and IEEE\r\nCyber, Physical and Social Computing, IEEE, pp. 1330-1334, Aug. 2013,\r\ndoi: 10.1109\/GreenCom-iThings-CPSCom.2013.231.\r\n[6] Vincent C. Hu, et al., \u201dGuide to Attribute Based Access Control(abac)\r\nDefinition and Considerations,\u201d National Institute of Standards and\r\nTechnology, Gaithersburg, 2014.\r\n[7] E. Yuan, J. Tong, \u201dAttributed Based Access Control (ABAC)\r\nfor Web Services,\u201d Proc. 2005 IEEE International Conference\r\non Web Services(ICWS), IEEE, pp. 561-569, Jul. 
2005, doi:\r\n10.1109\/ICWS.2005.25.\r\n[8] Hakima Ould-Slimane, Moustapha Bande, Hanifa Boucheneb,\r\n\u201dWiseShare: A Collaborative Environment for Knowledge Sharing\r\nGoverned by ABAC Policies,\u201d Collaborative Computing: Networking,\r\nApplications and Worksharing (CollaborateCom), 2012 8th\r\nInternational Conference on, IEEE, pp. 21-29, Oct. 2012, doi:\r\n10.4108\/icst.collaboratecom.2012.250402.\r\n[9] Maryam Ed-Daibouni, Adil Lebbat, Saida Tallal, Hicham Medromi,\r\n\u201dToward a New Extension of the Access Control Model ABAC for\r\nCloud Computing,\u201d Advances in Ubiquitous Networking. Lecture Notes in\r\nElectrical Engineering, Sabir E., Medromi H., Sadik M., eds., Singapore:\r\nSpringer, pp. 79-89, Feb. 2016, doi: 10.1007\/978-981-287-990-5 7.\r\n[10] Vincent C. Hu, D. Richard Kuhn, David F. Ferraiolo, \u201dAttribute-Based\r\nAccess Control,\u201d J. Computer, vol. 48, no. 2, pp. 85-88, Feb. 2015, doi:\r\n10.1109\/MC.2015.33.\r\n[11] Xu D., Kent M., Thomas L., et al. \u201dAutomated Model-Based Testing\r\nof Role-Based Access Control Using Predicate\/Transition Nets,\u201d J. IEEE\r\nTransactions on Computers, vol. 64, no. 9, pp. 2490-2505, Sep. 2015,\r\ndoi:10.1109\/TC.2014.2375189.\r\n[12] Mike Burmester, Emmanouil Magkos, Vassilis Chrissikopoulos,\r\n\u201dT-ABAC: An Attribute-based Access Control Model for Real-time\r\nAvailability in Highly Dynamic Systems,\u201d Proc. Computers and\r\nCommunications(ISCC), 2013 IEEE Symposium on, IEEE, pp. 143-148,\r\nJul. 2013, doi: 10.1109\/ISCC.2013.6754936.\r\n[13] Laurent Gomez, Slim Trabelsi, \u201dObligation Based Access\r\nControl,\u201d On the Move to Meaningful Internet Systems: OTM\r\n2014 Workshops. OTM 2014. Lecture Notes in Computer Science,\r\nMeersman R. et al., eds., Berlin: Springer, pp. 79-89, Oct. 2014, doi:\r\n10.1007\/978-3-662-45550-0 15.\r\n[14] Claudio Bettini, Sushil Jajodia, X. 
Sean Wang, Duminda Wijesekera,\r\n\u201dProvisions and Obligations in Policy Management and Security\r\nApplications,\u201d Proc. VLDB \u201902 Proceedings of the 28th international\r\nconference on Very Large Data Bases, VLDB Endowment, pp. 502-513,\r\nAug. 2002, doi: 10.1016\/B978-155860869-6\/50051-2.\r\n[15] Gansen Zhao, David Chadwick, Sassa Otenko, \u201dObligation for Role\r\nBased Access Control,\u201d Proc. Advanced Information Networking and\r\nApplications Workshops, 2007, AINAW \u201907. 21st International Conference\r\non, IEEE, pp. 424-431, May 2007, doi: 10.1109\/AINAW.2007.267.\r\n[16] Michael J. Covington, Manoj R. Sastry, \u201dA Contextual Attribute-Based\r\nAccess Control Model,\u201d On the Move to Meaningful Internet Systems\r\n2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer\r\nScience, Meersman R., Tari Z., Herrero P., eds., Berlin: Springer-Verlag,\r\npp. 1996-2006, Nov. 2006, doi: 10.1007\/11915072 108.\r\n[17] Anoop Singhal, Theodore Winograd, Karen Scarfone, \u201dGuide to Secure\r\nWeb Services,\u201d National Institute of Standards and Technology Special\r\nPublication, Gaithersburg, 2007.\r\n[18] Bill Parducci, Hal Lockhart, Rich Levinson, \u201deXtensible Access Control\r\nMarkup Language (XACML) Version 3.0,\u201d Burlington, USA: OASIS,\r\n2013.\r\n[19] Mehdi Sabbari, Hadiseh Seyyed Alipour, \u201dImproving Attribute Based\r\nAccess Control Model for Web Services,\u201d Proc. Information and\r\nCommunication Technologies (WICT), 2011 World Congress on, IEEE,\r\npp. 1223-1228, Dec. 2011, doi: 10.1109\/WICT.2011.6141423.","publisher":"World Academy of Science, Engineering and Technology","index":"Open Science Index 126, 2017"}