Extended role access control model for web applications based on path hierarchy

Free access

Web application security is a complex problem with several aspects. One aspect is access control according to a specified security policy. Access control is accomplished through security model restrictions. This research is dedicated to developing a security access control model for web applications. This work describes a path-based RBAC model, which improves RBAC and allows flexible access control using the request path (URI). The authors created guidelines for applying the model's elements to real-world web applications. Developing web applications with the described model allows reducing security risks.

Security models, access control, web applications

Short URL: https://sciup.org/146279542

IDR: 146279542   |   DOI: 10.17516/1999-494X-0029

Scientific article