Title: A contextual multilevel access control model

Authors: Narhimène Boustia; Aïcha Mokhtari

Addresses: Computer Science Department, Saad Dahlab University of Blida, Route de Soumaa, BP 270, Blida, Algeria. ' Computer Science Department, USTHB, BP 32 El Alia 16111 Bab Ezzouar, Alger, Algeria

Abstract: This paper present a dynamic multilevel access control model based on description logic with default and exception to capture the context feature. To define a security policy independently of the implementation, our access control model is structured in two levels: a concrete level and an abstract level. Subject and object are respectively abstracted into role and view. The level is assigned to role instead of subject and to the view instead of object. All subjects who play same role have the same level of clearance and all objects that belong to the same view have the same classification level. A subject is authorised to access to the object if its clearance level is greater than or equal to the classification level of object in a given context. The context allows us to provide dynamic authorisation, to each context switch, new authorisations are deduced. Our model allows the representation of composed contexts, the addition of new context and exception to the current context.

Keywords: multilevel access control; description logic; default; exception; authorisation; contexts; reasoner; security policy.

DOI: 10.1504/IJITST.2011.043134

International Journal of Internet Technology and Secured Transactions, 2011 Vol.3 No.4, pp.354 - 372

Published online: 29 Nov 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article