Open AccessA flexible hierarchical access control mechanism enforcing extension policies
Author(s) -
Chang YaFen
Publication year - 2014
Publication title -
security and communication networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.971
Subject(s) - access control , role based access control , computer science , computer access control , computer security , discretionary access control , mandatory access control , security policy , computer network , distributed computing
Some specific information or resources only can be accessed by authorized users. Discretionary access control (DAC), mandatory access control (MAC), and role‐based access control (RBAC) are three main classes of access control policies. MAC and RBAC are more secure than discretionary access control because a system instead of an object's owner determines the policy. MAC is appropriate for multilevel applications with high security requirements such as military ones, while RBAC provides security and business benefits. Most institutions, companies, and governments are multilevel, so relationships between roles or security levels tend to be hierarchical. In this work, an access control mechanism, providing explicit transitive exception and antisymmetric arrangement, is proposed to provide flexible and appropriate solutions to hierarchical relationships. For practicability, no access control policy is strictly constrained in the proposed mechanism such that security classes can be determined according to specific requirements. The proposed mechanism employs an elliptic curve cryptosystem and a two‐layer hash approach to ensure security and computation efficiency. Copyright © 2014 John Wiley & Sons, Ltd.