An application-layer based centralized information access control for VPN

Ouyang, Kai; Zhou, Jing; Xia, Tao; Yu, Shengsheng

doi:10.1631/jzus.2006.a0240

Cited by 10 publications

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One drawback of the RBAC model is that its control granularity and flexibility is not as good as that of the normal user-based access control model, because of the decoupling of the user set and the permission set. To address this issue, a hybrid user/role privilege mechanism at application-layer was proposed in Reference [13], based on a centralized information access control model. Though it gave an integrated formal definition and control rules for the hybrid privilege mechanism, it did not provide uniform semantics for it, and hence it could not provide a clear guideline for the implementation of the hybrid user/ role privilege mechanism.…”

Section: Introductionmentioning

confidence: 99%

Homonymous role in role‐based discretionary access control

Chu

Ouyang

Chen

et al. 2008

Wireless Communications

Self Cite

View full text Add to dashboard Cite

The access control model is a core aspect of trusted information systems. Based on the role based access control (RBAC) model, we put forward the concept of the homonymous role, which extends the role control categories in RBAC, balances the control granularity and the storage space requirements, and executes the fine-grained access control. Instead of the traditional global access control policies (GACP), we propose the homonymous control domain (HCD) mechanism to enable the coexistence of multiple types of access control policies in a single system, thereby improving the control granularity and flexibility. The HCD mechanism facilitates the discretionary supporting of independent access control policies for its homonymous user. The HCD mechanism and the traditional access control mechanism can be linked to construct a two-layer access control policy mechanism for a system. Notably, we also consider the temporal characteristic in HCD, which is a critical feature of modern access control models. Furthermore, we analyze the conflicts between the HCD and GACP mechanisms. Finally, we design and implement our HCD on FreeBSD to demonstrate the advantages of the two-layer access control mechanism.

show abstract

Section: Introductionmentioning

confidence: 99%