Action-Based Access Control Model and Administration of Actions

Access control is one of the powerful and general approaches to authorization decisions on information resources. First, the environmental state is introduced, and the term "action" is defined based on roles, temporal states and environmental states. Actions can be used to capture the security-relevant aspects of roles, temporal states and environmental states in different information systems. Then the action hierarchy, temporal hierarchy, environmental hierarchy and the Action-Based Access Control (ABAC) model are presented, and the relationship among roles, temporal states and environmental states is analyzed. By introducing limited temporal states and environmental states, the administrative action and the administrative model for ABAC are described. The controlling relations of user-administrative action and administrative action-administrative permission are proposed. Using Z notation, the functions AddAction, ModifyAction and DeleteAction are introduced. Moreover, the related methods for the ABAC administrative model are presented. Compared with existing models, the ABAC model can solve the problem of access control in information systems with mobile computation.