一个轻量级的基于动态属性的访问控制模块，集成了业务规则

2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT) Pub Date : 2016-10-01 DOI:10.1109/ICAICT.2016.7991700

Vali Tawosi

{"title":"一个轻量级的基于动态属性的访问控制模块，集成了业务规则","authors":"Vali Tawosi","doi":"10.1109/ICAICT.2016.7991700","DOIUrl":null,"url":null,"abstract":"User authorization in software systems is and has been a serious security concern for a long time. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from service logic and user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to the services. The ever changing nature of the business rules in an enterprise system made a necessity to the proposal of such a light weight dynamic attribute based access control module, in which end user is able to change access policies and business rules in run time. Challenges of building this module are revealed and plausible solutions which have been put in place are reported.","PeriodicalId":446472,"journal":{"name":"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"A light weight dynamic attribute based access control module integrated with business rules\",\"authors\":\"Vali Tawosi\",\"doi\":\"10.1109/ICAICT.2016.7991700\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"User authorization in software systems is and has been a serious security concern for a long time. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from service logic and user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to the services. The ever changing nature of the business rules in an enterprise system made a necessity to the proposal of such a light weight dynamic attribute based access control module, in which end user is able to change access policies and business rules in run time. Challenges of building this module are revealed and plausible solutions which have been put in place are reported.\",\"PeriodicalId\":446472,\"journal\":{\"name\":\"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICAICT.2016.7991700\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAICT.2016.7991700","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

长期以来，软件系统中的用户授权一直是一个严重的安全问题。基于属性的访问控制(ABAC)是一种新的用户授权模型，它可以根据不同属性的规则来限制用户的访问。在企业系统中的服务访问控制上下文中，似乎有必要将业务规则与服务逻辑和用户授权机制分离开来。本文是关于ABAC模块实现的实验报告，其中使用业务规则来限制用户对服务的访问。企业系统中业务规则不断变化的特性使得有必要提出这种轻量级的基于动态属性的访问控制模块，在该模块中，最终用户能够在运行时更改访问策略和业务规则。揭示了构建该模块的挑战，并报告了已经实施的合理解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A light weight dynamic attribute based access control module integrated with business rules

User authorization in software systems is and has been a serious security concern for a long time. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from service logic and user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to the services. The ever changing nature of the business rules in an enterprise system made a necessity to the proposal of such a light weight dynamic attribute based access control module, in which end user is able to change access policies and business rules in run time. Challenges of building this module are revealed and plausible solutions which have been put in place are reported.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)

自引率

0.00%

发文量