
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 3, MARCH 2011, ISSN 2151-9617, HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

Analysis of Existing Access Control Models from Web Services Applications’ Perspective
A. Mohammad (1), T. Khdour (2), G. Kanaan (3), R. Kanaan (4), S. Bani-Ahmad (5)
(1) The Arab Academy for Banking and Financial Sciences, Damascus, Syria; (3, 4) The Arab Academy for Banking and Financial Sciences, Amman, Jordan; (2, 5) Al-Balqa Applied University, Salt, Jordan
Abstract—In a web services environment, access control must satisfy new requirements in order to preserve an adequate security level for the applications in that environment: for example, the dynamic change of previously unknown users, the heterogeneity of a large number of users and resources, and the effect of context constraint information on the decision-making process. These requirements, and others, must be taken into account whenever web service access control is discussed. In this paper the authors introduce clearly defined access control requirements for web services, and then analyze the current approaches to web service access control in the light of these requirements. The advantages and limitations of the existing access control models in the context of web service environments are investigated. The new requirements are also used as assessment criteria in a comparison study of the predominant access control models. This paper is a first step toward a web service access control model, and may later be used as a guideline for designing access control solutions for the web service environment at the application level.
Index Terms— Access Control Models, Web Services, Web application security.


1 INTRODUCTION

As organizations increase the functionality and information offered as web services, controlling access to these services and other resources becomes more complex. In addition, security failures can disrupt an organization's operations and can have legal, financial, human safety, personal privacy, and public confidence impacts. Access control mechanisms are used to control the actions, functions, applications, and operations of legitimate users, protecting the integrity of information by restricting modification of resources to those with permission to do so. Access control also preserves the confidentiality of information resources by ensuring that information is only disclosed to users authorized to access it. In addition, access control plays a role in the availability of resources when unauthorized users attempt a denial of service attack [1]. The data model behind an access control implementation is termed the "Access Control Model" (ACM) [2]; the access control model defines the relationships among permissions, operations, objects, and subjects. Several intermediate concepts have been introduced over the past decades to organize these relationships [3]. These concepts were proposed in response to emerging security requirements that access control must satisfy in order to preserve an adequate security level for applications in the web service environment. The dynamic change of previously unknown users, the heterogeneity of a large number of users and resources, and the effect of context constraint information, among others, must all be taken into consideration when discussing web service access control models. It is therefore important to specify these requirements clearly and to analyze the current access control models as a first step toward future access control solutions and as a guideline for designing an access control model for web services. The contributions of this paper can be summarized as follows:
- The majority of current security techniques for protecting web services (message integrity, confidentiality, security token exchange, message session security, security policy expression, and security for a federation of services within a system) operate at the communication level. In this paper, attention is instead given to access control requirements for web services at the application level.
- This paper determines the basic requirements for access control in the web service environment, which are used later as guidelines for designing an access control model for the web service environment at the application level.
- An analysis of current approaches to web service access control is made in the light of those basic requirements; the merits and shortcomings of existing access control models in the context of web service environments are investigated.
- A comparison study of the predominant access control models is conducted, which indicates that several issues in the existing access control models can be used as a starting point for future access control solutions.


The remainder of this paper is organized as follows. Section 2 provides the requirements for web service access control at the application level. Section 3 analyzes the current access control models from the web service environment perspective. Section 4 presents the assessment criteria used to characterize the access control models. Section 5 provides a comparison study of the existing access control models. Finally, Section 6 presents some concluding remarks and outlines future work.

2 REQUIREMENTS FOR WEB SERVICE ACCESS CONTROL AT THE APPLICATION LEVEL
The World Wide Web Consortium (W3C) [24] characterizes a web service as "A software application identified by a URI, whose interfaces and bindings are capable of being defined, described, and discovered as XML artifacts. A Web service supports direct interactions with other software agents using XML-based messages exchanged via Internet-based protocols". This definition specifies web services as applications working in a distributed, open, dynamic and heterogeneous environment, so new requirements must be taken into consideration when specifying access control for web services at the application level. Most existing research has focused on specifying access control requirements; of those studies, a few relate to web services [4; 2; 5; 6; 7; 8; 9; 10]. Based on the previous literature and our empirical work, the important aspects are highlighted as follows.

Dynamic and anonymous users: Users in the web environment are highly dynamic, as they enter and leave web service applications continuously and their profiles change frequently over time. Users may be anonymous for privacy reasons, as they do not wish to disclose their identity to others. As a result, the identities of many web service users are unknown to the system at the time of the request. Traditional models, however, are mainly authentication based and require proof of identity or registration for effective centralized control. Such an access control paradigm has several limitations with respect to spontaneity and privacy, hence traditional models are not suitable for web service applications, and non-identity-based access control models are needed to overcome these problems. Providing efficient and reliable access control for dynamic and anonymous users is therefore an essential requirement in the web service environment.

Heterogeneity of objects: The access control must be able to support access to a large number of resources of any type. In the web environment there are different types of resource from different domains, so security management becomes extremely difficult. For example, at the application level, when a professor requests to "view student record", the request may access the student's personal details from a university database system, a student photo from an image base, and a student voice print from an audio repository; the only concern at this level is whether or not "view student record" can be accessed, and not how it is carried out at a lower level.

Heterogeneity of subjects: In an open web service environment, the access control must support access requests from heterogeneous users with different characteristics. As the number of users increases, it becomes very difficult to specify and manage them against a large number of protected resources. A major challenge for the security management of an access control system is to specify authorizations that involve heterogeneous users in a simple and efficient manner.

Content based access control: Information access may need to be restricted based on the information content. For example, a PhD candidate whose TOEFL test score is above 550 may register the credit hours of his dissertation; here the value of an input parameter determines partial access to the web service. Moreover, the content of the output parameters may reveal confidential information to the user. Therefore, in order to provide controlled access to back-end resources, the contents of the input and output parameters should be included in access control decision making.

Context aware access control: Information access may need to be restricted based on contextual information obtained at the time the access request is made. Access requests may be decided based on several context parameters, such as time or location. An example of a location parameter is the user domain, classified by IP address [6]. The relationship between entities such as users and objects also plays an important role in the access decision. For example, a professor is allowed to view a student's files only if the student is in the professor's department and is under the professor's supervision. In this case the relationship between the individual subject (the professor) who requests the access rights and the individual object (the student record) to be accessed has a crucial impact on the final access control decision.

Fine-grained access control: Traditional access control models provide only coarse-grained control, such as role-level control in Role Based Access Control (RBAC), so it is difficult to model fine-grained security policies. Fine-grained access control is needed to represent the different access control situations.

Dynamic access control: The dynamic change in user profiles and environment conditions in the web service environment should be reflected in the access decision, so there is a need to automate role assignment based on all of the above-mentioned features. In web environments, access control decision making ought to be automated according to a variety of dynamic conditions, including content and context constraints. Dynamic role assignment saves the manual administrative work of specifying authorizations for each security subject against each security object, making security management simpler and more efficient.

Policy specification: Access control models are based on the specification and representation of the policies that govern a dynamic and open environment. The access control model should support ways of specifying policies, with an appropriate syntax, pattern, or language that allows extensions or modifications in a simple and transparent manner. This eventually helps to ensure the scalability of the system.

Policy enforcement: It is essential for an access control model to provide means to ensure that the specified policies or constraints are enforced correctly.

In the next section, an analysis of the existing access control models in the context of the web service environment is conducted based on the requirements defined above.

3 ANALYSIS OF CURRENT ACCESS CONTROL MODELS
Several access control models have been proposed from the 1960s up to the writing of this paper. This section analyzes the predominant access control models from the web service application perspective: the Access Control Matrix, Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), Task Based Access Control (TBAC), and Context-Aware Access Control models.

3.1 Access Control Matrix
The access control matrix was proposed by [11], who defines three kinds of access-control entities: subjects, objects, and access rights; the access rights associate subjects with protected objects by specifying the operations that a subject is allowed to perform on an object. An access control matrix A, with rows representing subjects and columns representing objects, defines the protection state; A[s, o] denotes the access rights that subject s has over object o. The access-checking rule of the model states that a request by subject s to access object o is granted only if A[s, o] contains the requisite right. The access control matrix can be implemented in three ways [12]:
- Authorization table approach: a three-column table, with columns for subjects, actions, and objects respectively. Each tuple in the table corresponds to an authorization.
- Access Control List (ACL) approach: the matrix is stored by column. Each object is associated with a list indicating, for each subject, the actions that the subject can exercise on the object.
- Capability approach: the matrix is stored by row. Each user is associated with a list, called a capability list, indicating, for each object, the accesses that the user is allowed to exercise on the object.
However, there are several weaknesses of the access matrix model [3]. Some are general, while others are specific to the web services environment:
- In the web services environment, access rights may depend on the content or attributes of resources, the attributes of users, or other contextual information such as time, location, and system load. The access matrix does not account for this: the access decision is taken based on the single rule that a request by subject s to access object o is granted only if A[s, o] contains the requisite right, without taking other factors into account.
- The access matrix model is not adequate for environments that contain a large number of resources and users, as in the web service environment. For example, if all accesses by a particular user need to be revoked, the administrator must examine each access control list, one by one, and remove the user from each list. The problem gets worse when a user takes on different responsibilities within the organization: rather than simply eliminating the user from every access control list, the administrator must determine which permissions need to be eliminated, left in place, or altered [13].
- In the access control matrix, the capability list for each subject and the access control list for each object are determined statically by an administrator, so the user's identity must be known in advance. This contradicts the dynamic change in user profiles in the web service environment, so the model is unable to support dynamically changing user characteristics. More sophisticated access policies, such as access based on competency, least privilege, or conflict-of-interest rules, are difficult to provide without access rights that are associated with a subject's credentials when performing an operation.

3.2 Role Based Access Control (RBAC)
The main goal of role based access control, proposed by [14], is to overcome the administration difficulties encountered in large commercial organizations, for which an access control matrix cannot be maintained, by introducing an organizational grouping of subjects or resources. RBAC uses roles as the basis for access control decisions, which greatly simplifies the management of the system and provides a powerful mechanism for reducing the complexity, cost, and potential for error in assigning permissions to users within the organization [1]. In addition, RBAC is considered "policy neutral": it can coexist with other policies. However, RBAC does not entirely suit the web service environment, as it suffers from the following weaknesses in open and dynamic environments:
- RBAC is authentication based; that is, it depends on a previously known user identity, which requires central control (registration) and proof of identity. Identity-based authentication brings limitations regarding spontaneity and privacy and hence is not always desired. In the web service environment, authorization-based access control is needed because users' characteristics change dynamically and their identities are not known in advance.
- In core RBAC [14], a permission is still represented in the operation-object form that describes the traditional database access paradigm. In enterprise systems there are a large number and many types of resources, such as database items, files, and heterogeneous hardware. When authorizations are specified in the operation-object paradigm, an enterprise system needs view element, view schema, destroy, and create permissions for each document, which is inefficient. The situation becomes worse if an object hierarchy and an access-mode hierarchy are introduced, which creates many conflicts among authorizations.
- As RBAC provides only coarse-grained, role-level control, it is difficult to model fine-grained security policies.
- During a session, although roles can be activated or deactivated based on constraints such as role conflict or prerequisite roles, the user's access permissions do not change based on context information such as time, location, and the relationships among entities, which are important factors in deciding access rights in the web service environment. Such factors are not considered in the core RBAC model and are only partially used in existing RBAC extensions.
- RBAC is a static model, because permissions are associated with roles by an administrator and users are made members of the appropriate roles in the same manner; this is not adequate for the dynamic change in user characteristics in the open and dynamic web service environment. It is very burdensome to statically assign a large number of users to appropriate roles and to assign different permissions over a large number of resources. With the heterogeneity of users and resources this problem becomes even more complicated.

3.3 Attribute Based Access Control (ABAC)
In recent years there has been a shift toward attributes as the basis for access control in the web services environment [9; 15]. ABAC provides a mechanism for representing a subject's access profile through a combination of the following attribute types:
- Subject attributes (S): associated with a subject, defining the identity and characteristics of that subject.
- Resource attributes (R): associated with a resource, such as a Web service, system function, or data object.
- Environment attributes (E): describing the operational, technical, or situational environment or context in which the information access occurs.
ABAC policy rules are Boolean functions of S, R, and E attributes and dictate whether a subject s can access a resource r in a particular environment e, as follows:
RULE X: can_access(s, r, e) ← f(ATTR(s), ATTR(r), ATTR(e))
ABAC clearly provides an advantage over traditional RBAC when extended into Service Oriented Architecture (SOA) environments, which can be extremely dynamic in nature. ABAC policy rules can be custom-defined with consideration for semantic context and are significantly more flexible than RBAC for fine-grained alterations or adjustments to a subject's access profile [16]. An additional benefit of ABAC for web service implementations lies in its loose definition of subjects: because ABAC can associate policy rules with any actor, it can be extended to Web service software agents as well. On the other hand, ABAC has the following drawbacks:
- In ABAC, permissions are assigned directly to users based on attributes (user, object, environment) without using the role concept as an intermediate structure between permissions and attributes, which weakens user management.
- ABAC depends on policy-defined attributes to make access control decisions: the policy is represented as a set of rules over attribute values, and access is granted to users who can prove compliance with these rules. ABAC is therefore not policy neutral in the way RBAC is, since it is tied to a policy-defined attribute vocabulary such as that of the eXtensible Access Control Markup Language (XACML) [17].
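The following is an added example, not code from the paper, showing RULE X as a small policy decision point over the requirements of Section 2: an input parameter deciding access (the TOEFL score), time and IP-domain context, the supervision relationship between professor and student, a subject known only by a credential rather than an identity, and filtering of confidential output fields. The attribute names, the campus network, office hours, and the "dean" role that may see confidential fields are assumptions for illustration.

```python
"""Added example, not from the paper: ABAC decision in the form
can_access(s, r, e) <- f(ATTR(s), ATTR(r), ATTR(e)) over constructed data."""
import ipaddress
from datetime import time

CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed location domain
OFFICE_HOURS = (time(8, 0), time(18, 0))            # assumed time context
CONFIDENTIAL_FIELDS = {"disciplinary_notes"}        # assumed output-content rule


def rule_register_hours(s, r, e):
    """Content-based: the value of an input parameter decides access."""
    return (r["service"] == "register_dissertation_hours"
            and s.get("status") == "phd_candidate"
            and r["input"].get("toefl_score", 0) > 550)


def rule_view_record(s, r, e):
    """Context-aware: time, client IP domain, and the relationship between
    the requesting professor and the student whose record is requested."""
    return (r["service"] == "view_student_record"
            and s.get("role") == "professor"
            and s.get("department") == r["department"]
            and r["student_id"] in s.get("supervisees", ())
            and OFFICE_HOURS[0] <= e["time"] <= OFFICE_HOURS[1]
            and ipaddress.ip_address(e["client_ip"]) in CAMPUS_NET)


def rule_catalog(s, r, e):
    """Non-identity-based: any holder of a university affiliation credential
    may read the catalog, whoever they are."""
    return (r["service"] == "view_course_catalog"
            and s.get("credential", {}).get("affiliation") == "university")


RULES = (rule_register_hours, rule_view_record, rule_catalog)


def can_access(s, r, e):
    """RULE X: permit iff some rule f(ATTR(s), ATTR(r), ATTR(e)) holds.
    A request matching no rule is denied."""
    return any(rule(s, r, e) for rule in RULES)


def filter_output(s, record):
    """Content control on output parameters: confidential fields are
    stripped unless the subject holds the (assumed) dean role."""
    if s.get("role") == "dean":
        return dict(record)
    return {k: v for k, v in record.items() if k not in CONFIDENTIAL_FIELDS}


# Constructed sample subjects, requests and environments.
PROF = {"role": "professor", "department": "cs", "supervisees": {"s1001"}}
PHD = {"status": "phd_candidate"}
ANON = {"credential": {"affiliation": "university"}}
ON_CAMPUS = {"time": time(10, 0), "client_ip": "10.20.3.4"}
OFF_SITE = {"time": time(10, 0), "client_ip": "203.0.113.7"}
RECORD_REQ = {"service": "view_student_record", "department": "cs",
              "student_id": "s1001"}
OTHER_STUDENT = dict(RECORD_REQ, student_id="s2002")
REGISTER_OK = {"service": "register_dissertation_hours",
               "input": {"toefl_score": 580}}
REGISTER_LOW = {"service": "register_dissertation_hours",
                "input": {"toefl_score": 540}}
CATALOG = {"service": "view_course_catalog"}
SAMPLE_RECORD = {"name": "A. Student", "gpa": 3.7,
                 "disciplinary_notes": "none on file"}

if __name__ == "__main__":
    print(can_access(PROF, RECORD_REQ, ON_CAMPUS))     # True
    print(can_access(PROF, OTHER_STUDENT, ON_CAMPUS))  # False: not supervised
    print(can_access(PROF, RECORD_REQ, OFF_SITE))      # False: wrong IP domain
    print(can_access(PHD, REGISTER_OK, ON_CAMPUS))     # True
    print(can_access(PHD, REGISTER_LOW, ON_CAMPUS))    # False: score too low
    print(can_access(ANON, CATALOG, ON_CAMPUS))        # True: no identity needed
    print(filter_output(PROF, SAMPLE_RECORD))          # notes removed
```

Each rule reads only attributes, so a new constraint (another context parameter, another relationship) is one more predicate rather than a change to user or role assignments; the price, as the text notes, is that the rule set itself is the only structure holding the policy together.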

3.4 Task Based Access Control (TBAC)
TBAC uses tasks as an important parameter for access control and authorization [18; 19]. It is an active security model that is well suited to information processing activities in which users access data and applications in order to perform certain tasks. TBAC approaches security management from an application perspective rather than from a system-centric subject-object view [19]. In the subject-object paradigm, the access decision function checks whether a subject has the required permissions for the operation; this representation of permissions has complicated the security management of large enterprise systems due to the heterogeneity of the resources involved in authorizations. Hence, subject-object models are not suitable for supporting a unified access control framework that involves different types of resources from multiple domains. However, TBAC suffers from the following limitations:
- TBAC considers the temporal constraint, where access is permitted in a just-in-time fashion for the activities or tasks under consideration. Other constraints, especially context constraints, are not used in this model.
- Specification of complex policies, management, delegation, and revocation of authorization privileges are very primitive. More fine-grained components need to be defined to support the dynamic environments that motivated TBAC.

3.5 Context-Aware Access Control
The context information associated with an access request, such as time, location, session, and system load, plays an important role in the access control decision, so several studies have integrated context information into access control models, as follows.
Environment Role Based Access Control (ERBAC): proposed by [23]. Environment roles capture security-relevant aspects of the environment in which an application executes; an environment role is an abstraction for a system state that the system can accurately collect. However, ERBAC retains the role-centric disadvantages: security-related relationships among entities (including roles, subjects, objects, and environments) are ignored. Hence, fine-grained security policies that depend on individual instances of subjects and objects are difficult to model and specify. In addition, this model is not adequate for dynamic environments because permissions and users are assigned statically to roles.
Temporal RBAC (TRBAC): proposed by [20]. TRBAC extends the traditional RBAC model by adding timing constraints on role activation, and provides dynamic role assignment based on temporal constraints such as time periods. However, TRBAC addresses temporal constraints for role activation only, and has the following further drawbacks:
1. TRBAC is also role-centric and focuses on when a specific type of role can be activated based on time and other role activation events. Other possible events that could also change a role's permissions are not modeled. Authorization constraints other than duration constraints are not addressed.
2. The model relies on user identities for authentication; it does not support authentication and role assignment through user credentials provided by trusted third parties.
Generalized RBAC (GRBAC): Moyer and Ahamad proposed generalized RBAC in [21]. GRBAC leverages and extends traditional RBAC by incorporating subject roles, object roles, and environment roles into access control decisions. However:
1. GRBAC may not be feasible in practice, because the potentially large number of environment roles makes the system very hard to maintain manually.
2. GRBAC relies on user identities for authentication; it does not support authentication and role assignment through user credentials provided by trusted third parties.
Generalized Temporal RBAC (GTRBAC): proposed by [20]. This model shares the drawbacks of TRBAC but supports a wide range of temporal constraints, which can be applied to roles, user-role assignment, and role-permission assignment as well as role activation, and it allows more flexible security policies to be specified, thus providing fine-grained dynamic access control for enterprise systems.
XML-based Generalized Temporal Role-based Access Control (X-GTRBAC): proposed by [6]. An XML-based specification language is used to represent security policies in order to achieve interoperability among different domains; it includes credential-based access control, context-aware access control, temporal constraints, and XML-based policy specification. The XML-based web service policy specification enables information sharing between domains that was previously unachievable due to incompatible information formats. [4] proposed a policy-based authorization framework for Web services by integrating X-GTRBAC with an emerging Web services policy processing model, WS-Policy [22].
Other work, such as [5] and Hulsebosch et al. (2005), focuses on one type of context constraint, such as location or user intention in pervasive environments. [8] proposed a logic-based access control approach for web services, in which real-time access control decisions are made based on assertions in the header of the SOAP message; this model assigns roles to requestors with changing user profiles based on the trusted assertions, but gives no attention to context constraints. [9] extends the RBAC model to secure web services in business processes (WS-RBAC); the model takes web services in a business process as the protected objects instead of common system resources. The constraints of WS-RBAC are divided into two kinds: auxiliary constraints related to the enterprise, and authorization constraints such as separation of duty. This model therefore does not discuss other context constraints and focuses on a specific problem in business processes.
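The following is an added example, not code from the paper, contrasting the two temporal mechanisms discussed in Sections 3.4 and 3.5: a TRBAC-style role that can only be activated inside its enabling interval and stops granting once the interval closes, next to a TBAC-style task authorization whose permissions exist only while the task instance is active and before its deadline. Role and permission names, the Monday-to-Friday office window, and the two-hour task lifetime are assumptions for illustration.

```python
"""Added example, not from the paper: TRBAC-style periodic role enabling
and TBAC-style just-in-time task permissions, over constructed data."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class TemporalRole:
    name: str
    permissions: frozenset
    weekdays: frozenset          # 0 = Monday ... 6 = Sunday
    hours: tuple                 # (start_hour, end_hour), half-open

    def is_enabled(self, now):
        """TRBAC enabling condition: the role exists only inside its window."""
        return (now.weekday() in self.weekdays
                and self.hours[0] <= now.hour < self.hours[1])


class TRBAC:
    def __init__(self):
        self.roles = {}
        self.user_roles = defaultdict(set)
        self.active = defaultdict(set)

    def add_role(self, role):
        self.roles[role.name] = role

    def assign(self, user, role_name):
        self.user_roles[user].add(role_name)

    def activate(self, user, role_name, now):
        """Activation is refused outside the enabling interval, even for an
        assigned user; this is the only constraint TRBAC adds to RBAC."""
        role = self.roles[role_name]
        if role_name not in self.user_roles[user] or not role.is_enabled(now):
            return False
        self.active[user].add(role_name)
        return True

    def check(self, user, permission, now):
        """A role activated earlier stops granting once its window closes."""
        return any(permission in self.roles[r].permissions
                   for r in self.active[user] if self.roles[r].is_enabled(now))


@dataclass
class TaskAuthorization:
    user: str
    permissions: frozenset
    valid_until: datetime
    state: str = "active"        # active -> done


class TBAC:
    def __init__(self):
        self.steps = {}

    def start_task(self, task_id, user, permissions, now, lifetime):
        """Just-in-time: the permissions are created together with the task
        instance and carry a deadline; they are not held by the user as such."""
        self.steps[task_id] = TaskAuthorization(user, frozenset(permissions),
                                                now + lifetime)

    def complete_task(self, task_id):
        self.steps[task_id].state = "done"

    def check(self, user, permission, now):
        return any(s.user == user and permission in s.permissions
                   and s.state == "active" and now < s.valid_until
                   for s in self.steps.values())


def demo():
    """Constructed scenario: a 'registrar' role enabled Mon-Fri 08:00-18:00,
    and a grade-appeal task holding a file permission for two hours."""
    tue_10 = datetime(2011, 3, 15, 10, 0)    # a Tuesday
    tue_20 = datetime(2011, 3, 15, 20, 0)
    sat_10 = datetime(2011, 3, 19, 10, 0)    # a Saturday

    trbac = TRBAC()
    trbac.add_role(TemporalRole("registrar", frozenset({"enroll"}),
                                frozenset(range(5)), (8, 18)))
    trbac.assign("clerk", "registrar")
    out = {"tue_activate": trbac.activate("clerk", "registrar", tue_10),
           "tue_check": trbac.check("clerk", "enroll", tue_10),
           "evening_check": trbac.check("clerk", "enroll", tue_20),
           "sat_activate": trbac.activate("clerk", "registrar", sat_10)}

    tbac = TBAC()
    one_hour, three_hours = timedelta(hours=1), timedelta(hours=3)
    tbac.start_task("appeal-1", "prof", {"read:appeal_file"}, tue_10,
                    timedelta(hours=2))
    out["task_in_window"] = tbac.check("prof", "read:appeal_file", tue_10 + one_hour)
    tbac.complete_task("appeal-1")
    out["task_after_done"] = tbac.check("prof", "read:appeal_file", tue_10 + one_hour)
    tbac.start_task("appeal-2", "prof", {"read:appeal_file"}, tue_10,
                    timedelta(hours=2))
    out["task_expired"] = tbac.check("prof", "read:appeal_file", tue_10 + three_hours)
    return out


if __name__ == "__main__":
    print(demo())
```

In both models the decision depends on the clock, but nothing else: neither checks who the student is, where the request comes from, or what the input carries, which is the gap Section 3.5 attributes to TRBAC and Section 3.4 to TBAC.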
4 ASSESSMENT CRITERIA
In this paper the assessment criteria have been derived from two sources: the web service access control requirements discussed in Section 2, and the work done by [7]. The criteria used to characterize the access control models are summarized as follows.
Authorization based: defines whether or not the access decision relies on the user's identity (previously registered), in which case the model is authentication based; an authorization-based access model instead considers other factors, such as attributes or capabilities of the subject and environment conditions, when making access control decisions. In web environments there are many new and anonymous users, therefore an identity-based access control model is not suitable for protecting Web services.
Context sensitive: context information plays an important role in making the appropriate access decision in the web environment, thus it is important to know the degree to which contextual information is utilized by the access control model in order to secure the system.
Fine grained control: the granularity of access control is not limited to complete web services but extends to instances of web services. For example, if a user requests access to some service but only part of the service is available to this user, simply permitting or forbidding the whole request would be inappropriate.

Dynamic control: in the web service environment, where user characteristics and the access context change continuously, access control decisions must be synchronized with continuously changing security conditions; it is desirable for the access control model to be able to handle the dynamism of the web environment.
Permission representation: the structure of an authorization in the access control model, for example the (subject, operation, object) paradigm used in most traditional access control models such as RBAC. A typical feature of this paradigm is that privileges or permissions are represented as approvals of access to an object in specified access modes (operation-object).
Policy specification: Access control models are based on the specification and representation of the policies that govern a web services environment. The model should provide ways of specifying policies, with an appropriate syntax, pattern, or language that allows extensions or modifications in a simple and transparent manner. This helps to ensure the scalability of the system.
Policy enforcement: it is important for the access control model to provide means to ensure that the specified policies or constraints are enforced correctly; for example, the dynamic context in which access requests are made should be taken into account when access control rules are defined.
Complexity: there is a trade-off between functionality and complexity. Complexity is an important consideration because an overly complex model can lead to unforeseen problems and difficult implementation. Defining the nature of the access control model is therefore an important issue.
Understandability: defines the transparency of the model and its underlying principles. The consequences of manipulating and changing access rights should be obvious for the proper use of the system.
Ease of use: indicates how simple the system is from the end user's point of view in terms of its usage in a web environment. If the system is inconvenient to use, there is a chance that users will not favor it. Security systems always bring a degree of complexity into the system, and users need to be reassured of the ease of use of any system. The simpler the model is, the more popular it will be.
Applicability: an indication of the practicality of an access control model. A good, but solely theoretical, model may provide few benefits; an infrastructure should exist in which the model can be deployed.

5 COMPARISON OF ACCESS CONTROL MODELS
Our comparison of access control models is based on the analysis in Section 3 and the assessment criteria of Section 4, applied to the existing access control models introduced in Section 3. The assessment result is shown in Table 1. The table uses comparative terminology such as Low, Medium, and High, descriptive terminology such as Simple, and the standard Yes (Y) and No (N) terminology for characterization against the criteria. For the contextual information criterion, Mediumx identifies those models that appear to support the strongest notion of context among those in the Medium category. For criteria such as Complexity, Low indicates that the model is fairly simple in nature. Low has also been used to describe criteria such as contextual information when a simple Yes or No is not convenient. Yes and No are used wherever it is possible to indicate the presence or absence of support for the criterion concerned by the access control model. Where it is insufficient to indicate merely the presence of support for a feature, and the degree of support also matters, Low, Medium, and High are used. For the criterion that defines the authorization specification, the following symbols are used: s: a subject; o: a data object; m: access mode; r: role; t: task; tc: temporal constraint; attr: subject attribute; cc: context constraint.

TABLE 1 CHARACTERIZATION OF ACCESS CONTROL MODELS FOR WEB SERVICE ENVIRONMENT
(Columns: XGRBAC, TRBAC (Temporal RBAC), TBAC (Task based), ABAC, RBAC, Access Matrix; rows: the criteria of Section 4. Only a fragment of the cell values survived extraction: Y N Medium Y Y Y Y (r,tc,m,o) Low Low Y Low Low (s,t) N N N N Low Low (s,m,o).)

3.

of authorization specification and administration. Moreover, the using of task helps in solving the problem of object’s heterogeneity in the web environment. Access control matrix and traditional RBAC do not support consideration of contextual information in decision making, whereas other models (i.e. ABAC, TRBAC, XGRBAC) support varying degrees of contextual information consideration. TRBAC, X-GTRBAC, and existing access control models focus only on one type of constraint (temporal constraint, location, and session), other types of constraints such as the relationship between entities in the model should be considered in the design of future access control models to support a wide range of security policies.

6. CONCLUSION AND FUTURE WORK
Most of current security techniques to protect web services are mainly used to protect web services at the communication level, in this paper; we give more attention to access control models for web services at the application level. A number of access control requirements were defined for web services environment which may be used as a basis for further research in the authorization area. Access control requirements have been used as a basis to analyze the current popular access control models. Discussion of the pros and cons of each model in context of web services environment at the application level were introduced, then a number of assessment criteria derived basically from that requirements to used in a comparison study between current access control models were also provided, This comparison study summarize not only the benefits but also the weaknesses of current models. The comparison also indicates several Issues in the exciting access control models which may be used as a starting point for future access control solutions.

Authorization Y based Context sensitive Mediumx Fine grained Y Dynamic control Y Policy SpecificaY tion Policy EnforceY ment Policy(r,cc,m,o) Permission representation Complexity Medium Ease of Use High Understandability Simple Applicability High

Y Medium Y Y Low Low (attr,m,o)
x

N Low Low N Y Y (r,m,o)

Medium High Simple High

Medium Medium Simple Medium

Medium Medium Simple High

Medium Low High Medium Simple Simple High Medium

The comparisons provided in Table 1 highlighted several Issues in the existing access control models. These are as follows: 1. The traditional access matrix specifies authorization as a tuple of three (S, M, and O). It is required to define authorizations for each data manipulation. The authorization specification for RBAC is much simpler; it assigns users to roles, hence reducing the number of authorizations by N number of times where N is the number of users assigned to the role. This comparison clearly indicates that the using of role concept in RBAC and its extension can greatly reduce the complexity of authorization specification and administration. In addition, the using of role helps in solving the problem of subject’s heterogeneity in web environment. 2. The task based access control TBAC has a simple authorization specification (S and T) as it uses the tasks for describing all data objects in backend resource. Therefore, the access requests to several data objects could be reduced to single request to a one task. For instance, a professor request to “view student record” may ultimately access student personal details from a university’s database system, a student photo from an image base, a student sound print from an audio repository. At the application level however, the only concerning issue is whether or not “view student record” can be accessed, not how it is conducted at a lower level. Accordingly, this comparison indicates that the using of task concept in TBAC can greatly reduce the complexity
