Affiliation:
1. East China University of Political Science and Law
2. East China Normal University
Abstract
To solve the problem of only considering constraint verification and ignoring current running environmental security, Economical risk is applied in Role-Based Access Control (RBAC) to weigh user needs and environmental security according to context information and current environment. A model for Role-Based Risk Adaptive Access Control (RRAAC) combining traditional RBAC with new Risk Adaptable Access Control (RAdAC), and the method of risk calculation used in RRAAC model and its mathematic analysis and verification are presented in this paper. This RRAAC model has already been realized in a general personnel management system and experimental result shows that this model possesses great flexibility and certain adaptability coping with environmental changes during access control and task executing in business processes.
Publisher
Trans Tech Publications, Ltd.
Reference9 articles.
1. FU Song-ling, TAN Qing-ping. Security Task & Role-based Distributed Workflow Model. Journal of National University of Defense Technology, 26(3): 57-62, (2004).
2. R. McGraw. Risk-Adaptable Access Control (RAdAC). NIST-National Institute of Standards and Technology-Information Technology Laboratory, (2009).
3. R. Choudhary. A Policy Based Architecture for NSA RAdAC Model. Proceedings of IEEE Workshop on Information Assurance and Security, 294-301, (2005).
4. S. Kandala, R. Sandhu, V. Bhamidipati. An Attribute Based Framework for Risk-Adaptive Access Control Models. The Sixth International Conference on Availability and Security, 236-241, (2011).
5. W. Han, Q. Ni, H. Chen. Apply Measurable Risk to Strength Security of a Role-Based Delegation supporting Workflow System. IEEE International Symposium on Policies for Distributed Systems and Networks, 45-52, (2009).
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献