OB4LAC: An Organization-based Access Control Model for E-government System
نویسندگان
چکیده
Following the emergency of multi-level, complex and distributed information systems, the traditional RBAC model becomes more and more weak and incompetent. Currently, the research of RBAC model mainly focused on building a suitable role hierarchy, although played a certain effect it still have many problems. Through the research aiming at organizations and their characters, we believe that the reasons that cause the present problems are due to the conflict in working patterns between the RBAC model and the physical world. Thus, we propose a new access control method-Organization Based Access Control Method and the specific modelOB4LAC model. This article analyzes the constituent members, formal specification, sub-models UPA, PORA, PERA and RRA of OB4LAC, and also gives the specific process in access operations and business collaboration among multi-organizations. Through the test in many complex E-government systems, OB4LAC model achieves good results.
منابع مشابه
A combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملElectronic Educational and Research Services as Infrastructure for the E- Government: Role of
Introduction: Websites serve as an initial step toward an e- government adoption which facilitates delivery of online services to customers. The existing study intended to investigate the role of university website to render educational and research services based on e- government maturity model in Iranian universities. Methods: This descriptive and cross- sectional study was conducted through...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کامل