Design and Implementation of a Context-Based Security Model
This paper proposes a context-based security model and describes one of the design and implementation of enforcement mechanism of it. In this access control model, a kind of object-oriented petri-net with nets-within-nets semantics is adopted as a context representation.
This approach is, particularly, expected to be suitable for dynamic access control within inter-organizational business processes. The overall architecture of the access control model is designed by extending XACML standard architecture. And a Scala-based internal Domain Specific Language is designed to specify security policies.
KeywordsAccess Control Model Context Sensibility XACML Domain Specific Language
Unable to display preview. Download preview PDF.
- 3.OASIS Standard: eXtensible Access Control Markup Language(XACML) 3.0 (January 22, 2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf
- 4.Sun Microsystems, Inc.: Sun’s XACML Implementation (July 16, 2004), http://sunxacml.sourceforge.net/
- 5.Health Policy Bureau of Ministry of Health, Labor and Welfare, Japan: For partial revision of the scope of the emergency life-saving treatment (in Japanese), Health Policy NotificationN o.0302001 (March 2, 2009), http://www.mhlw.go.jp/topics/2009/03/dl/tp0306-3a.pdf
- 7.Thomas, R.K.: Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: RBAC 1997 Proceedings of the Second ACM Workshop on Role-based Access Control, pp. 13–19 (1997)Google Scholar
- 8.Deng, J., Brooks, R., Taiber, J.: Security Automata Integrated XACML and Security Validation. In: Proc IEEE SOUTHEASTCON 2010, pp. 338-343 (March 2010)Google Scholar