Authors: Narhimène Boustia; Aïcha Mokhtari
Addresses: Computer Science Department, Saad Dahlab University of Blida, Route de Soumaa, BP 270, Blida, Algeria; Computer Science Department, USTHB, BP 32 El Alia 16111 Bab Ezzouar, Alger, Algeria
Abstract: This paper presents a dynamic multilevel access control model based on description logic with default and exception to capture the context feature. To define a security policy independently of the implementation, our access control model is structured in two levels: a concrete level and an abstract level. Subject and object are respectively abstracted into role and view. The level is assigned to the role instead of the subject and to the view instead of the object. All subjects who play the same role have the same level of clearance and all objects that belong to the same view have the same classification level. A subject is authorised to access the object if its clearance level is greater than or equal to the classification level of the object in a given context. The context allows us to provide dynamic authorisation: at each context switch, new authorisations are deduced. Our model allows the representation of composed contexts, the addition of new contexts and exceptions to the current context.
Keywords: multilevel access control; description logic; default; exception; authorisation; contexts; reasoner; security policy.
International Journal of Internet Technology and Secured Transactions, 2011 Vol.3 No.4, pp.354 - 372
Available online: 17 Oct 2011