{"title":"A light weight dynamic attribute based access control module integrated with business rules","authors":"Vali Tawosi","doi":"10.1109/ICAICT.2016.7991700","DOIUrl":null,"url":null,"abstract":"User authorization in software systems has long been a serious security concern. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules evaluated against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from both the service logic and the user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to services. The ever-changing nature of business rules in an enterprise system necessitated the proposal of such a lightweight, dynamic attribute based access control module, in which the end user is able to change access policies and business rules at run time. The challenges of building this module are presented, and the plausible solutions that have been put in place are reported.","PeriodicalId":446472,"journal":{"name":"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 10th International Conference on Application of Information and Communication Technologies (AICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAICT.2016.7991700","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A light weight dynamic attribute based access control module integrated with business rules
User authorization in software systems has long been a serious security concern. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules evaluated against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from both the service logic and the user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to services. The ever-changing nature of business rules in an enterprise system necessitated the proposal of such a lightweight, dynamic attribute based access control module, in which the end user is able to change access policies and business rules at run time. The challenges of building this module are presented, and the plausible solutions that have been put in place are reported.