Greedy algorithm for least privilege in RBAC model
COCOA'11 Proceedings of the 5th international conference on Combinatorial optimization and applications
| Hi-index | 0.00 |
Sensitive information is one of core competence concerning with the development of the enterprise business. Tremendous pressure on today's enterprises to achieve and sustain competitive advantage has led to heightened efforts to protect sensitive information. Many enterprises have recognized that the key to sensitive information management improvement lies in the better access control model. In this paper, we present a boundary-based access control model incorporating an advanced security mechanism, in order to support fine-grained authorizations in the right time for the provision of services, based on the analysis of system boundary. In this model, access permissions are controlled by the state transitions at different layers including workflow layers, control layers and data layers. The access control mechanism is based on an RBAC model, which incorporates dynamic context information. Context is classified based on the analysis of system boundary into six main categories, which is further categorized as simple condition and composite condition, thus forming a multi-level context. In a multi-level hierarchy of context conditions, the access control model is implemented dynamically, by checking the context constraint associated with each access task at the time of the specific request submission, whose functionality and the constituent parts have been described formally and in detail.