Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

Muhammad  Umar Aftab; Zhiguang Qin; Negalign  Wake Hundera; Oluwasanmi Ariyo; Zakria; Ngo  Tung Son; Tran  Van Dinh

doi:10.3390/sym11050669

Symmetry (May 2019)

Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

Muhammad Umar Aftab,
Zhiguang Qin,
Negalign Wake Hundera,
Oluwasanmi Ariyo,
Zakria,
Ngo Tung Son,
Tran Van Dinh

Affiliations

Muhammad Umar Aftab: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Zhiguang Qin: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Negalign Wake Hundera: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Oluwasanmi Ariyo: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Zakria: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Ngo Tung Son: Computing Fundamental Department, FPT University, Hanoi 10000, Vietnam
Tran Van Dinh: Department of Computer Science, University of Freiburg, 79098 Freiburg, Germany

DOI: https://doi.org/10.3390/sym11050669
Journal volume & issue: Vol. 11, no. 5
p. 669

Abstract

Read online

A major development in the field of access control is the dominant role-based access control (RBAC) scheme. The fascination of RBAC lies in its enhanced security along with the concept of roles. In addition, attribute-based access control (ABAC) is added to the access control models, which is famous for its dynamic behavior. Separation of duty (SOD) is used for enforcing least privilege concept in RBAC and ABAC. Moreover, SOD is a powerful tool that is used to protect an organization from internal security attacks and threats. Different problems have been found in the implementation of SOD at the role level. This paper discusses that the implementation of SOD on the level of roles is not a good option. Therefore, this paper proposes a hybrid access control model to implement SOD on the basis of permissions. The first part of the proposed model is based on the addition of attributes with dynamic characteristics in the RBAC model, whereas the second part of the model implements the permission-based SOD in dynamic RBAC model. Moreover, in comparison with previous models, performance and feature analysis are performed to show the strength of dynamic RBAC model. This model improves the performance of the RBAC model in terms of time, dynamicity, and automatic permissions and roles assignment. At the same time, this model also reduces the administrator’s load and provides a flexible, dynamic, and secure access control model.

Published in Symmetry

ISSN: 2073-8994 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics
Website: http://www.mdpi.com/journal/symmetry/

About the journal

Abstract

Keywords