Comparative Analysis of Existing Access Control Models in Systems with Interchangeable Objects
Abstract
The paper examines the specifics of applying existing access control models in systems with interchangeable objects. Interchangeable objects are objects that have the same functionality but different characteristics. Such systems can be oriented toward performing a set of tasks, each with its own specific requirements. A health care institution is an example of such a system: each subject of the system is a doctor providing treatment services to patients, and the objects to which access must be monitored are drugs. To treat the same disease, a doctor can be provided with a variety of drugs that have the same functionality but different characteristics. Both classic access control models (HRU, RBAC) and models meant for dynamic systems (TBAC, DEBAC) are discussed. The analysis is conducted in terms of access rights redundancy, differentiation in accordance with the tasks, and the flexibility and complexity of security policy administration. Based on the performed analysis, the necessity of creating a new mathematical access control model suited to the examined systems is proved.
DOI 10.14258/izvasu(2016)1-25