Efficient selection of access control systems through multi criteria analytical hierarchy process

Access control is the process by which a system grants or denies a request made to it by a user for the data it maintains. Systems that provide services are often open ended and face an access control dilemma: if the set of beneficiaries is restricted too tightly, the system loses the flexibility that makes it useful as a service; if the access control policy is too lenient, it poses threats to the existence of the system itself. As a remedy, several access control models such as ACL, DAC, MAC, RBAC and others have been proposed, and each comes with its own baggage of pros and cons. These models protect the data against unauthorized access only up to the point at which an access decision is made. Moreover, as computer systems advance they present new challenges to which the traditional access control models do not respond effectively. In this paper we analyze the existing access control models, compare them, and finally provide statistical criteria for selecting the best model depending upon the users' needs and requirements.
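The selection method the title names is the analytic hierarchy process: pairwise judgements on a set of criteria and on the candidate models are turned into priority weights, checked for consistency, and combined into a ranking. The following is an added worked example of that procedure, not code or data from the paper; the three criteria (flexibility, enforcement strength, administration cost), the candidate models and every judgement value are constructed for illustration, so the resulting ranking says nothing about the models themselves.

```python
# Saaty's random consistency index by matrix order n (standard published values).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def priority_vector(matrix, iterations=200):
    """Principal eigenvector of a reciprocal matrix via power iteration; returns (weights, lambda_max)."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]        # keep the vector normalised to sum 1
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lambda_max


def consistency_ratio(matrix):
    """CR = CI / RI; judgements with CR above 0.1 are conventionally revised before use."""
    n = len(matrix)
    if n < 3:
        return 0.0          # 1x1 and 2x2 reciprocal matrices are always consistent
    _, lambda_max = priority_vector(matrix)
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_alternatives(criteria_matrix, alternative_matrices, names):
    """Weight each alternative's per-criterion priority by that criterion's own weight."""
    crit_w, _ = priority_vector(criteria_matrix)
    scores = {name: 0.0 for name in names}
    for k, alt_matrix in enumerate(alternative_matrices):
        alt_w, _ = priority_vector(alt_matrix)
        for name, weight in zip(names, alt_w):
            scores[name] += crit_w[k] * weight
    return scores


# Constructed, illustrative judgements (not the paper's data).
# Criteria order: flexibility, enforcement strength, administration cost.
CRITERIA = [[1, 1 / 3, 2], [3, 1, 5], [1 / 2, 1 / 5, 1]]
MODELS = ["DAC", "MAC", "RBAC"]
# One reciprocal matrix per criterion, comparing DAC, MAC and RBAC pairwise.
PER_CRITERION = [
    [[1, 5, 2], [1 / 5, 1, 1 / 3], [1 / 2, 3, 1]],   # flexibility
    [[1, 1 / 7, 1 / 3], [7, 1, 3], [3, 1 / 3, 1]],   # enforcement strength
    [[1, 3, 1 / 2], [1 / 3, 1, 1 / 4], [2, 4, 1]],   # administration cost
]
```

Run `consistency_ratio` on every matrix before trusting `rank_alternatives`; a circular set of judgements (A over B, B over C, C over A) produces a ratio far above 0.1 and should be sent back to the evaluators.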
