An Efficient Access Control Model
Utilized the Attribute Certificate Structuring
Soomi Yang
The University of Suwon,
Kyungki-do Hwasung-si Bongdam-eup Wau-ri san 2-2,
445-743, Korea
smyang@suwon.ac.kr
Abstract. For efficient role-based access control using attribute certificates,
we use a technique of structuring role specification certificates. It can reduce
the management cost and overhead incurred when changing the specification of a
role. In particular, highly distributed computing environments that cannot
have global or broad control need another attribute certificate management
technique. In this paper, the roles are grouped and made into a relation
tree. For scalable distribution of the role specification certificates, we
use multicast packets. The performance enhancement from structuring role
specification certificates is also quantified, taking packet loss into account.
In the experimental section, it is shown that role updating and distribution
are secure and efficient.
1 Introduction
The American National Standards Institute, International Committee for Information
Technology Standards (ANSI/INCITS) standard ANSI INCITS 359-2004 is the information
technology industry consensus standard for RBAC [1,2]. It reflects the importance of
role-based access control and shows that it forms a base of information technology.
Highly distributed collaborating environments such as ubiquitous networks usually
support the authorization of resources at varying levels of access. Furthermore, a
significant characteristic of highly distributed environments is the need for
interactions between highly collaborating entities to be secure. However, such
environments cannot have any central or global control. Due to the lack of central
control, the autonomous entities form trust relations [3]. In the trust model,
role-based access control is realized through the delegation of privileges to
trusted entities via the use of certificates. The certificates can
be chained to represent recommendations and the propagation of trust.
For secure communication in highly distributed environments, we distribute the
role specifications according to the levels of access. This accords with the
characteristics of distributed environments and is sometimes inevitable. In this
paper, the concept of the trust model is adopted. Our method differs from privilege
delegation [2] and can be thought of as the distribution of privileges. In addition,
we group roles, unlike typical methods, which group subjects only [1,6,7]. The
role group property not only reduces network traffic but also reduces
the overhead on the group manager. For scalability, we use multicast for distribution
 