scholarly journals A 4D-Role Based Access Control Model for Multitenancy Cloud Platform

2016 ◽  
Vol 2016 ◽  
pp. 1-16 ◽  
Author(s):  
Jiangfeng Li ◽  
Zhenyu Liao ◽  
Chenxi Zhang ◽  
Yang Shi
Keyword(s):  
Access Control ◽  
Large Scale ◽  
Control Model ◽  
Role Based Access Control ◽  
Cloud Platform ◽  
Access Control Model ◽  
Role Hierarchy ◽  
User Access ◽  
Role Based ◽  
Novel Concept

Since more and more applications and services have been transferred from servers in the B/S architecture to cloud, user access control has become a significant part in a multitenancy cloud platform. Role based access control model makes users participate in an enterprise system as particular identities. However, in a multitenancy cloud environment, it has a high probability that the information of tenants has been leaked by using existing role based access control (RBAC) model. Moreover, management problems may emerge in the multitenancy platform with the increment of the number of tenants. In this paper, a novel concept of 4D-role is presented. With a detailed definition on the concept of 4D-role, a 4D-role based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characters of tenant isolation, role hierarchy, and administration independence. The three characters are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model has a good performance in using cloud resources when large-scale users are operating in the cloud platform simultaneously.

scholarly journals Evolution of access control models for protection of patient details: a survey

2018 ◽  
Vol 7 (2.8) ◽  
pp. 554
Author(s):  
Geetanjali Sinha ◽  
Prabhu Shankar K.C ◽  
Shaurya Jain
Keyword(s):  
Access Control ◽  
Control Model ◽  
Role Based Access Control ◽  
Patient Privacy ◽  
Access Control Model ◽  
Access Control Models ◽  
Control Models ◽  
Role Hierarchy ◽  
Role Based ◽  
Electronic Hospital

Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from the manual paper systems to provide patients efficient services. Numerous Access ControlModels have been deployed for securing patient privacy one of them being Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy and thus new methods have been evolving. In this survey we will see an evolution of the access control models which lead to the discovery of KC-RBAC (Knowledge Constrained Role Based Access Control) Model which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.

An Audit-Integrated ARBAC Model

2012 ◽  
Vol 263-266 ◽  
pp. 1600-1604
Author(s):  
Qiang Liu ◽  
Jian Hua Zhang
Keyword(s):  
Access Control ◽  
Decision Process ◽  
Large Scale ◽  
Control Model ◽  
Main Stream ◽  
Role Based Access Control ◽  
Access Control Model ◽  
Distributed Application ◽  
Role Based ◽  
Set Up

Role-Based Access Control (RBAC) model is the main-stream access control model. When addressing large-scale and distributed application, the highest Security Administrator(SA) of RBAC model always try to transfer his management authority to his inferior SAs to decrease his workload. However, How to ensure that these inferior SAs perform their management authorities legally is a big problem. Although there are a technology framework of administrative RBAC model, named ARBAC97, the supervise mechanism and audit mechanism on the utilization of transferred authorities is incomplete in RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a right and liability mechanism has been set up, an audit role is defined and auditing permission is assigned to this role. At the same time, we put forwards two types basic audit business: routine audit and accident audit. As to accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The Au-ARBAC model can help to improve the Consciousness of authorization responsibility and to perform their management authorities responsibly and legally.

Sign in / Sign up

Export Citation Format

Share Document