Title: Using classification for role-based access control management

Authors: Nazia Badar; Jaideep Vaidya; Vijayalakshmi Atluri; Nino Vincenzo Verde; Janice Warner

Addresses: CIMIC and MS/IS Department, Rutgers University, 1 Washington Park, Newark, NJ 07102, USA ' CIMIC and MS/IS Department, Rutgers University, 1 Washington Park, Newark, NJ 07102, USA ' CIMIC and MS/IS Department, Rutgers University, 1 Washington Park, Newark, NJ 07102, USA ' Department of Mathematics Italy, Roma Tre University, Largo S. Leonardo Murialdo, 1 Room 005, 00146 Rome, Italy ' School of Business, Georgian Court University, 900 Lakewood Ave. Lakewood, NJ 08701-2697, USA

Abstract: Access control is based on the specification of rights to resources. Role-based access control (RBAC) has emerged as one of the most robust security models which significantly simplifies administrative overheads. Despite all the compelling benefits that RBAC offers, it still lacks the ability to handle dynamic environment aspect and handling any unforeseen situations. Manual intervention becomes necessary when a user who is not previously defined in the system requests an access. For a system administrator, it becomes challenging to decide whether a submitted request should be honoured or not and how a new user can be added to the existing system in a secure manner. These issues have significantly increased the demand for new access control solutions that provide flexible, yet secure access. In this paper, we present an approach to facilitate automatic enforcement of access control policies when a new user is added to an existing access control system. Our approach is based on classification method. To evaluate the effectiveness of our approach we performed extensive experiments on both real and synthetic datasets. We compare the performance of our approach to another well-known approach that was proposed earlier to handle a similar problem. Experimental results show that our approach performs very well. Moreover, we have found that our approach is relatively easier to implement.

Keywords: role-based access control; access control management; classification; coalitions; collaboration; semantics; new users.

DOI: 10.1504/IJTPM.2016.075940

International Journal of Technology, Policy and Management, 2016 Vol.16 No.1, pp.45 - 78

Received: 11 Oct 2014
Accepted: 13 Apr 2015

Published online: 17 Apr 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article