Dynamic Authorization Management: An Attribute-Based Access Control Model with POL Module
Authors/Creators
- 1. Abstract—Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIVILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.
Description
—Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIVILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided
Files
JCE-v10-I02-004.pdf
Files
(508.1 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:3bd3dabf1194044393121fa471e12c63
|
508.1 kB | Preview Download |