Organization structure based access control model

  • Authors:

  • Ke-jun Sheng;Ji-qiang Liu;Xin Liu

  • Affiliations:

  • Naval engineering university, Hubei, Wuhan China;Beijing Jiaotong university, Beijing, China;Naval engineering university, Hubei, Wuhan China

  • Venue:
  • InfoSecu '04 Proceedings of the 3rd international conference on Information security
  • Year:
  • 2004

Quantified Score

Hi-index 0.00

Visualization

Abstract

The Internet/Intranet information systems have been used by many enterprise and government department in their practical routine works today, how to design an access control model to ensure the security of their information systems become a first important problem. The aim of setting up an organization structure is to accomplish its charged tasks. There are many roles corresponding to the job duty needed in an organization structure, and a hierarchy relation exists among these roles. In order to complete the taks charged by an organization structure, there must be a two-way information flow, administrative and supervisory relation between high level roles and its low level roles, and the confidentiality and integrity clearance of the high level roles is usually higher than that of the lower one. According to these characteristic of the organization structure, we present an organization structure based access control model, which take trusted component verification of confidentiality, integrity, security policy and object transformation as foundation, securely performed task as means, and the log auditing as assistant measure.