A Policy Based Framework for Access Control
نویسندگان
چکیده
This paper presents a policy-based framework for managing access control in distributed heterogeneous systems. This framework is based on the PDP/PEP approach. The PDP (Policy Decision Point) is a network policy server responsible for supplying policy information for network devices and applications. The PEP (Policy Enforcement Point) is the policy client (usually, a component of the network device/application) responsible for enforcing the policy. The communication between the PDP and the PEP is implemented by the COPS protocol, defined by the IETF. The COPS (Common Open Policy Service) protocol defines two modes of operation: outsourcing and provisioning. The choice between outsourcing and provisioning is supposed to have an important influence on the policy decision time. This paper evaluates the outsourcing model for access control policies based on the RBAC (RoleBased Access Control) model. The paper describes a complete implementation of the PDP/PEP framework, and presents the average response time of PDP under different load conditions.
منابع مشابه
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملTaylor Rule: A Model for the Mechanism of Monetary Policy and Inflation Control in the Framework of the Interest-Free Banking Act
The ultimate goal of monetary policy is to achieve price stability and high output. In this regard, central banks usually change the interest rate, liquidity, and money base in order to apply monetary policies. The John B. Taylor rule is one of the rules known in the transmission of monetary policy.[1] Based on this rule and given the output gap and inflation gap, the central bank increases or ...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کامل