DocumentCode :
2453590
Title :
Extended Provision-Based Access Control Model
Author :
Farkhani, Toktam Ramezani ; Razzazi, Mohammad Reza
Author_Institution :
CEIT Dept., Amirkabir University of Technology, Tehran, Iran. tramezanif@cic.aut.ac.ir
Volume :
2
fYear :
2006
fDate :
24-28 April 2006
Firstpage :
3293
Lastpage :
3297
Abstract :
Over the years, a wide variety of access control models and policies have been proposed and almost all models have assumed "grant the access request or deny it". The notation of provisional action which have been proposed, tells the user that her/his request will be authorized provided he/she (and/or the system) performs certain security actions e.g. encryption in file transfer and etc. The major advantage of this approach is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. Although this approach has many advantages but it fails in some circumstances and needs new facilities and capabilities to overcome them. PBAC model lacks active/passive roles concept so we define a new concept named session. A user can initiate a session by activating some of the roles and groups in a period of time, under certain conditions. In addition, the other new concepts such as constraints on role assignments, avoiding conflicting permissions, limiting the grant of permissions to some specific roles rather than a normal user, and etc. have been added to the original PBAC model in a formal manner.
Keywords :
Access control; Authorization; Cryptography; Employment; Information security; Permission; Runtime; Writing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information and Communication Technologies, 2006. ICTTA '06. 2nd
Print_ISBN :
0-7803-9521-2
Type :
conf
DOI :
10.1109/ICTTA.2006.1684944
Filename :
1684944
Link To Document :
بازگشت