Attribute based access control constraint based on subject similarity

An access control constraint aims to prevent a risky or sensitive set of objects from being possessed by similar subjects. To improve the flexibility of constraints, this paper first examines the potential inner relationships among subjects, among objects, and between subjects and objects in access control, and then proposes a revised attribute-based access control constraint based on subject similarity. Test results show that this constraint is flexible. It effectively prevents similar subjects from plotting together to attack the application system.
