Int. J. of Internet Technology and Secured Transactions   »   2011 Vol.3, No.4

 

 

Title: A contextual multilevel access control model

 

Authors: Narhimène Boustia; Aïcha Mokhtari

 

Addresses:
Computer Science Department, Saad Dahlab University of Blida, Route de Soumaa, BP 270, Blida, Algeria.
Computer Science Department, USTHB, BP 32 El Alia 16111 Bab Ezzouar, Alger, Algeria

 

Abstract: This paper presents a dynamic multilevel access control model based on description logic with default and exception to capture the context feature. To define a security policy independently of the implementation, our access control model is structured in two levels: a concrete level and an abstract level. Subject and object are respectively abstracted into role and view. The level is assigned to the role instead of the subject and to the view instead of the object. All subjects who play the same role have the same level of clearance and all objects that belong to the same view have the same classification level. A subject is authorised to access the object if its clearance level is greater than or equal to the classification level of the object in a given context. The context allows us to provide dynamic authorisation: at each context switch, new authorisations are deduced. Our model allows the representation of composed contexts, the addition of new contexts and exceptions to the current context.

 

Keywords: multilevel access control; description logic; default; exception; authorisation; contexts; reasoner; security policy.

 

DOI: 10.1504/IJITST.2011.043134

 

Int. J. of Internet Technology and Secured Transactions, 2011 Vol.3, No.4, pp.354 - 372

 

Available online: 17 Oct 2011

 

 
