A Dynamic Access Control Model Using Authorising Workfow and Task Role-based Access Control

Prof Doc Thesis


Uddin, M. 2020. A Dynamic Access Control Model Using Authorising Workfow and Task Role-based Access Control. Prof Doc Thesis University of East London School of Architecture, Computing and Engineering https://doi.org/10.15123/uel.895y7
AuthorsUddin, M.
TypeProf Doc Thesis
Abstract

Access control is fundamental and prerequisite to govern and safeguard information assets within an organisation. Organisations generally use Web enabled remote access coupled with applications access distributed across various networks. These networks face various challenges including increase operational burden and monitoring issues due to the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaborations means that in one context a user should have access to sensitive information, whilst not being allowed access in other contexts. The current access control models are static and lack Dynamic Segregation of Duties (SoD), Task instance level of Segregation, and decision making in real time. This thesis addresses these limitations describes tools to support access management in borderless network environments with dynamic SoD capability and real time access control decision making and policy enforcement. This thesis makes three contributions: i) Defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) using existing task and workflow concepts. This new workflow integrates dynamic SoD, whilst considering task instance restriction to ensure overall access governance and accountability. It enhances existing access control models such as Role Based Access Control (RBAC) by dynamically granting users access rights and providing access governance. ii) Extension of the OASIS standard of XACML policy language to support dynamic access control requirements and enforce access control rules for real time decision making. This mitigates risks relating to access control, such as escalation of privilege in broken access control, and insucient logging and monitoring. iii) The AW-TRBAC model is implemented by extending the open source XACML (Balana) policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, can process relatively large numbers of complex requests, and meets the requirements of real time access control decision making, governance and mitigating broken access control risk.

Year2020
PublisherUniversity of East London
Digital Object Identifier (DOI)https://doi.org/10.15123/uel.895y7
File
License
File Access Level
Anyone
Publication dates
Online17 May 2021
Publication process dates
SubmittedJul 2020
Deposited17 May 2021
Permalink -

https://repository.uel.ac.uk/item/895y7

Download files

File
2020_DProf_Uddin.pdf
License: CC BY-NC-ND 4.0
File access level: Anyone

  • 8
    total views
  • 5
    total downloads
  • 4
    views this month
  • 3
    downloads this month

Export as

Related outputs

A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control
Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377