Abstract
In this article, a novel criterion-based multilayer access control (CBMAC) approach is presented to enhance existing access control models such as Role-Based, Mandatory, and Discretionary Access Control models to support multilayer (multilevel) access control. The proposed approach is based on a set of predefined security criteria which are extracted from authorization rules. The security attributes of objects and users are specified by security criterion expressions (serving as locks) and the elements (serving as keys) of security criterion subsets respectively. An object embedded with a number of security criterion expressions becomes a secure object while a user associated with a security criterion subset is called a secure user. The multilayer access control is achieved by evaluating the embedded security criterion expressions (actuating locks) by the elements (keys) in a user's security criterion subset. The paper also provides the details of integrating the proposed approach with existing access control models and presents the implementation considerations of Criterion-Based Role-Based Multilayer Access Control, the integration of CBMAC and Role-Based Access Control.
- Adam, N., Atilri V., Bertino, E., and Ferrari, E. 2002. A content-based authorization model for digital libriaries. IEEE Trans. Knowl. Data Engine. 14, 2. Google Scholar
Digital Library
- Bell, D. and LaPadula, L. 1996. The Bell-LaPadula model. J. Comput. Secu. 4, 2, 239--263. Google Scholar
Digital Library
- Bertino, E., Fan J., Ferrari, E., Hacid, M. S., Elmagarmjd, A., and Zhu, X. 2003. A hierarchical access control model for video database system. ACM Trans. Inform. Syst. 21, 2, 155--191. Google Scholar
Digital Library
- Bertino, E., Ferrari, E., and Perego, A. 2002. Max: An access control system for digital libraries and the Web, http://semioweb.msh-paris.fr/euforbia/download/max.pdfGoogle Scholar
- Bertino, E., Hammad, M., Aref, W., and Elmagarmjd, A. 2000. An access control model for video database systems. In Proceedings of the International Conference on Information and Knowledge Management, 336--343. Google Scholar
Digital Library
- Damiani, E., De Capitani di Vimercati, S., and Samarati, P. 2005. New paradigms for access control in open environments. In Proceedings of the 5th IEEE International Symposium on Signal Processing and Information.Google Scholar
- Damiani, E., De Capitani S., Fernandez-Medina, E., and Samarati, P. 2002. An access control system for SVG documents. In Proceedings of the 16th Annual IFIP WG11.3 Workshop Conference on Data and Application Security.Google Scholar
- Fernandez-Medina, E., Ruiz, G., and De Capitani, di Vimerati, S. 2003. Implementing an Access Control System for SVG Documents. Lecture Notes in Computer Science. 741--753.Google Scholar
- Kodali, N., Farkas C., and Wijesekera, D. Multimedia Access Control using RDF Metadata. http://www.cse.sc.edu/~farkas/publications/c11.pdfGoogle Scholar
- Kosch, H. 2004. Distributed Multimedia Database Technologies Supported by MPEG-7 and MPEG-21, CEC Press.Google Scholar
- Manjunath, B. S., Salembier, P., and Sikora, T. 2002. Introduction to MPEG-7 Multimedia Content Description Interface, John Wiley & Sons, Ltd. Google Scholar
Digital Library
- National Computer Security Center. 1987. A guide to understanding discretionary access control in trusted systems. http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-003.htmlGoogle Scholar
- Pan, L. and Zhang, C. 2006. A criterion-based role-based multilayer access control model for multimedia applications. In Proceedings of the IEEE International Symposium on Multimedia (ISM'06). Google Scholar
Digital Library
- Park, J. and Sandhu, R. 2004. The UCONABC usage control model. ACM Trans. Inform. Syst. Secu. 7, 1. Google Scholar
Digital Library
- Rabitti, F., Bertino, E., Kim, W., and Woelk, D. 1991. A model of authorization for next-generation database systems. ACM Trans. Datab. Syst. 16, 1, 88--131. Google Scholar
Digital Library
- Salembier, P. and Smith, J. R. 2001. MPEG-7 multimedia description schemes. IEEE Trans. Circ. Syst. Video Techn. 11, 6, 748--759. Google Scholar
Digital Library
- Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. 1996. Role-based access control models. IEEE Comput. 29, 2, 38--47. Google Scholar
Digital Library
- W3C Recommendation. 2004. XML schema part 0: Primer second edition, http://www.w3.org/TR/xmlschema-0/.Google Scholar
- W3C Recommendation. 2004. XML Schema part 1: Structures second edition, http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/structures.htmlGoogle Scholar
- W3C Recommendation. 2004. XML Schema part 2: Datatypes second edition, http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.htmlGoogle Scholar
- Walmsley, P. 2002. Definitive XML Schema, Prentice Hall. Google Scholar
Digital Library
- Wang, L., Wijesekera, D., and Jajodia, S. 2004. A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering. Google Scholar
Digital Library
- Yuan, E. and Tong, J. 2005. Attributed based access control (ABAC) for Web services. In Proceedings IEEE International Conference on Web Services (ICW'05). Google Scholar
Digital Library
Index Terms
A criterion-based multilayer access control approach for multimedia applications and the implementation considerations
Recommendations
A Criterion-Based Role-Based Multilayer Access Control Model for Multimedia Applications
ISM '06: Proceedings of the Eighth IEEE International Symposium on MultimediaThis paper presents a Criterion-Based Role-Based Multilayer Access Control model in which a number of security criterion expressions are embedded into every object to specify the security attributes of its sub objects. Meanwhile, a security criterion ...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...






Comments