
Authorization Strategies and Classification of Access Control Models

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 13076)

Abstract

Access control enforces authorization policies in order to prevent unauthorized users from performing actions that could cause a security violation. Numerous access control models exist, and even more have evolved recently to meet the demanding requirements of resource protection. This makes it hard to classify the models and to choose one that satisfies a given set of security needs. This paper provides an overview of authorization strategies and proposes a rough classification of access control models, with examples for each category. Compared with other comparative studies, we discuss a larger set of access control models, including both the conventional state-of-the-art models and novel ones. We also summarize the related literature, selecting works that focus on the database systems domain or that provide a survey, a taxonomy/classification, or evaluation criteria for access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria, partly selected from the standard access control system evaluation metrics of the National Institute of Standards and Technology (NIST). Further studies extending both the list of access control models and the analysis criteria are planned.



Acknowledgement

The research reported in this paper has been partly supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria. The work was also funded within the FFG BRIDGE project KnoP-2D (grant no. 871299).

Author information

Correspondence to Aya Mohamed or Dagmar Auer.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Mohamed, A., Auer, D., Hofer, D., Küng, J. (2021). Authorization Strategies and Classification of Access Control Models. In: Dang, T.K., Küng, J., Chung, T.M., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2021. Lecture Notes in Computer Science, vol 13076. Springer, Cham. https://doi.org/10.1007/978-3-030-91387-8_11


  • DOI: https://doi.org/10.1007/978-3-030-91387-8_11


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91386-1

  • Online ISBN: 978-3-030-91387-8
