A novel multilayer AAA model for integrated applications

One problem with current authentication, authorization and accounting (AAA) models is the lack of an accurate roadmap for access management in integrated applications based on operational needs. In current systems, attributes are used as the effective parameters of AAA in static form. We argue that an efficient AAA model should consider AAA requirements through multilayer security policies. This paper presents a comprehensive approach that defines AAA design not only at the operational and implementation levels but also at the enterprise level. In this regard, the proposed model provides all security requirements for establishing appropriate application-level AAA. Some of these requirements must be obtained from regulations and threat modeling, and others are calculated from business processes and the operational levels. Because the approach is multilayer, the evaluation must be considered in several dimensions, so we evaluate several aspects of the proposed model. The results show that the proposed model covers many security requirements well. It can also be useful for enhancing information security in integrated applications.
