Authors: Hasiba Ben Attia; Laid Kahloul; Saber Benharzallah
Addresses: LINFI Laboratory, Computer Science Department, Biskra University, Algeria ' LINFI Laboratory, Computer Science Department, Biskra University, Algeria ' Computer Science Department, Batna 2 University, Algeria
Abstract: In this paper, a new hybrid, flexible, scalable and fine-grained model, fine-grained role-attribute access control (FRABAC) is proposed. FRABAC combines the benefits of the two most popular basic models: role-based access control (RBAC) and attribute-based access control (ABAC). The new proposed model overcomes the shortcomings of both models RBAC and ABAC known as combinatorial explosion in rules and roles when the security policy becomes complicated. Besides avoiding the combinatorial explosion, the new proposed model provides a role permission agreement (APA) to handle inter organisational access decision in collaborative cloud services cases. The proposed model is applied to define the security policies in realistic case studies and results are compared to previous existing models. On the other hand, the consistency and the correctness of the built policies are analysed through a formal modelling/analysis approach. This formal approach uses hierarchical coloured Petri nets (HCPNs) to model the policy and the CPN-tools to analyse the generated models.
Keywords: fine-grained access control; hybrid model; flexible model; cloud computing; collaborative cloud services; role-based access control; RBAC; attribute-based access control; ABAC; coloured Petri nets; formal verification; CPN-tool.
International Journal of Management and Decision Making, 2018 Vol.17 No.3, pp.245 - 278
Available online: 28 Jun 2018 *Full-text access for editors Access for subscribers Purchase this article Comment on this article