TY - JOUR
T1 - Active access control (AAC) with fine-granularity and scalability
AU - Park, Joon S.
AU - An, Gaeil
AU - Liu, Ivy Y.
N1 - Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2011/10
Y1 - 2011/10
N2 - Strong access control mechanisms become most critical when we need security services in large-scale computing environments of sensitive organizations. Furthermore, if users join or leave such computing environment frequently, requiring different access control decisions based on their current job responsibilities and contexts, the need for advanced access control is pressing. Although the currently available access control approaches have a great potential for providing reliable service, there are still critical obstacles to be solved, especially in large-scale, dynamic computing environments. In this paper we introduce an advanced access control mechanism, Active Access Control (AAC), which accounts for the ability to make dynamic access control decisions based not only on pre-defined privileges, but also on the current situation of the user. The framework of the proposed AAC approach provides fine-grained access control, by considering a variety of attributes about the user and the current computing environment, especially, when the users contexts are frequently changed. Although the outputs of the AAC approach can be integrated with any other existing access control mechanisms and improve the overall fine-granularity, as a full demonstration of our approach for fine-granularity as well as scalability, in this particular paper we focus on large-scale computing environments and integrate the AAC results with the role-based approach. Finally, in order to prove the feasibility of our proposed idea we implement the AAC approach with roles and discuss the evaluation results with existing approaches.
AB - Strong access control mechanisms become most critical when we need security services in large-scale computing environments of sensitive organizations. Furthermore, if users join or leave such computing environment frequently, requiring different access control decisions based on their current job responsibilities and contexts, the need for advanced access control is pressing. Although the currently available access control approaches have a great potential for providing reliable service, there are still critical obstacles to be solved, especially in large-scale, dynamic computing environments. In this paper we introduce an advanced access control mechanism, Active Access Control (AAC), which accounts for the ability to make dynamic access control decisions based not only on pre-defined privileges, but also on the current situation of the user. The framework of the proposed AAC approach provides fine-grained access control, by considering a variety of attributes about the user and the current computing environment, especially, when the users contexts are frequently changed. Although the outputs of the AAC approach can be integrated with any other existing access control mechanisms and improve the overall fine-granularity, as a full demonstration of our approach for fine-granularity as well as scalability, in this particular paper we focus on large-scale computing environments and integrate the AAC results with the role-based approach. Finally, in order to prove the feasibility of our proposed idea we implement the AAC approach with roles and discuss the evaluation results with existing approaches.
KW - Access control
KW - Security
KW - Trust
UR - http://www.scopus.com/inward/record.url?scp=80053108862&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80053108862&partnerID=8YFLogxK
U2 - 10.1002/sec.236
DO - 10.1002/sec.236
M3 - Article
AN - SCOPUS:80053108862
VL - 4
SP - 1114
EP - 1129
JO - Security and Communication Networks
JF - Security and Communication Networks
SN - 1939-0114
IS - 10
ER -