A Novel Role-Based-Access-Control(RBAC) Framework and Application
- DOI
- 10.2991/icemct-15.2015.43How to use a DOI?
- Keywords
- RBAC, Access Control, Internet Security, Novel Framework and Application
- Abstract
In recent time, RBAC has gained and kept a dominant stage of AC(access control) in the research area and industry, respectively. Over the time, needs for risk awareness in AC has paid special attention. Even though, role based access control conquers risk via inner features, a quantified method of risk awareness has been proposed as a leading and fascinating research topic due to its inherent flexibility. In this approach, risk-cost metrics are calculated for different entities involved in AC such as users and related objects and a risk threshold restricts the permissions which could be exercised. The quantified methodology arranges dynamism in access decisions procedure based on contexts-situations such as an worker accessing sensitive files through a work computer versus accessing using her own device. In this paper, we compare the difference between the traditional risk mitigation and the recent quantified risk-aware approaches in RBAC and propose a framework for introducing risk-awareness in RBAC models that incorporates quantified-risk. We also provide a formal specification of an adaptive risk-aware RBAC model by enhancing the NIST core RBAC model.
- Copyright
- © 2015, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Yanjie Zhou AU - Min Wen PY - 2015/06 DA - 2015/06 TI - A Novel Role-Based-Access-Control(RBAC) Framework and Application BT - Proceedings of the 2015 International Conference on Education, Management and Computing Technology PB - Atlantis Press SP - 203 EP - 206 SN - 2352-5398 UR - https://doi.org/10.2991/icemct-15.2015.43 DO - 10.2991/icemct-15.2015.43 ID - Zhou2015/06 ER -