A flexible hierarchical access control mechanism enforcing extension policies

Bibliographic Details
Published in: Security and communication networks 2015-01, Vol.8 (2), p.189-201
Main Author: Chang, Ya-Fen
Format: Article
Language: English
Description
Summary: ABSTRACT Some specific information or resources can only be accessed by authorized users. Discretionary access control (DAC), mandatory access control (MAC), and role‐based access control (RBAC) are three main classes of access control policies. MAC and RBAC are more secure than discretionary access control because a system instead of an object's owner determines the policy. MAC is appropriate for multilevel applications with high security requirements such as military ones, while RBAC provides security and business benefits. Most institutions, companies, and governments are multilevel, so relationships between roles or security levels tend to be hierarchical. In this work, an access control mechanism, providing explicit transitive exception and antisymmetric arrangement, is proposed to provide flexible and appropriate solutions to hierarchical relationships. For practicability, no access control policy is strictly constrained in the proposed mechanism such that security classes can be determined according to specific requirements. The proposed mechanism employs an elliptic curve cryptosystem and a two‐layer hash approach to ensure security and computation efficiency. Copyright © 2014 John Wiley & Sons, Ltd. This figure is an example of access control in a hierarchy with explicit transitive exception and antisymmetric arrangement.
ISSN: 1939-0114, 1939-0122
DOI: 10.1002/sec.971