{"title":"Classification Model for Access Control Constraints","authors":"Mathias Kohler, C. Liesegang, A. Schaad","doi":"10.1109/PCCC.2007.358921","DOIUrl":null,"url":null,"abstract":"Whether access is given to a protected entity is decided upon evaluation of access control constraints. Though some initial approaches to classify access control constraints can be identified in the current literature, they must be considered as too broad with respect to today's multi-layered system landscapes. In this paper we present a classification model for authorization constraint types extracted from recent publications. We identify common restriction characteristics and classify the constraint types depending on their information sources necessary for constraint evaluation. We identified the following authorization classes: authentication, ontology, environment, and activity. We further propose a system architecture supporting these classes. We map our model architecture onto the Windows 2003 Authorization Manager, identify the components equal to our proposed architecture and emphasize which authorization classes are supported. We therefore show the applicability of our model to analyze existing authorization systems and determine the supported constraints.","PeriodicalId":356565,"journal":{"name":"2007 IEEE International Performance, Computing, and Communications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Performance, Computing, and Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PCCC.2007.358921","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14
Abstract
Whether access is given to a protected entity is decided upon evaluation of access control constraints. Though some initial approaches to classify access control constraints can be identified in the current literature, they must be considered as too broad with respect to today's multi-layered system landscapes. In this paper we present a classification model for authorization constraint types extracted from recent publications. We identify common restriction characteristics and classify the constraint types depending on their information sources necessary for constraint evaluation. We identified the following authorization classes: authentication, ontology, environment, and activity. We further propose a system architecture supporting these classes. We map our model architecture onto the Windows 2003 Authorization Manager, identify the components equal to our proposed architecture and emphasize which authorization classes are supported. We therefore show the applicability of our model to analyze existing authorization systems and determine the supported constraints.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
