PBAC: Provision-based access control model

Kudo, Michiharu
March 2002
International Journal of Information Security;2002, Vol. 1 Issue 2, p116
Academic Journal
Over the years a wide variety of access control models and policies have been proposed, and almost all the models have assumed "grant the access request or deny it." They do not provide any mechanism that enables us to bind authorization rules with required operations such as logging and encryption. We propose the notion of a "provisional action" that tells the user that his request will be authorized provided he (and/or the system) takes certain actions. The major advantage of our approach is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. We define a fundamental authorization mechanism and then formalize a provision-based access control model. We also present algorithms and describe their algorithmic complexity. Finally, we illustrate how provisional access control policy rules can be specified effectively in practical usage scenarios.


Related Articles

  • Dropbox Hacking Details Unveiled.  // Micro Mart;9/12/2013, Issue 1277, p35 

    The article reports on the details of how one could bypass two-factor authentication security in the Dropbox cloud service that were revealed by developers.

  • Understanding Multi-Factor Authentication.  // PC Quest;Aug2012, p89 

    The article provides an overview on the concept of multi-factor authentication.

  • Using Split Capabilities for Access Control. Karp, Alan H.; Rozas, Guillermo J.; Banerji, Arindam; Gupta, Rajiv // IEEE Software;Jan/Feb2003, Vol. 20 Issue 1, p42 

    Describes the benefits of using split-capabilities method for computer security. Improved scalability and revocation of privileges in controlling access to resources; Division of capabilities into two parts.

  • How Safe Is Your Password? Hering, Beth Braccio // Office Professional;Feb2013, Vol. 33 Issue 2, p1 

    The article lists suggestions for constructing a secure and easy-to-remember password, which include using longer passwords, using scrambled sentences for passwords, and creating passwords with letters, punctuation and numbers.

  • Candidate Password Analysis of User-Interactive Password Schemes. Sung-Hwan Kim; Hwan-Gue Cho // International Proceedings of Computer Science & Information Tech;2012, Vol. 24, p200 

    A number of password schemes have recently been developed based on the challenge-response method to overcome the risk of shoulder-surfing attacks. There is, however, a lack of understanding about the fundamentals and general properties of password schemes. Moreover, although researchers have...

  • Pathetic passwords. Harrison, Ann // Software Magazine;Feb98, Vol. 18 Issue 3, p18 

    No abstract available.

  • Password hardening based on keystroke dynamics. Monrose, Fabian; Reiter, Michael K.; Wetzel, Susanne // International Journal of Information Security;2002, Vol. 1 Issue 2, p69 

    We present a novel approach to improving the security of passwords. In our approach, the legitimate user's typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user's password to generate a hardened password that is convincingly more secure than...

  • Access control software makes its debut. Messmer, Ellen // Network World;11/24/97, Vol. 14 Issue 47, p40 

    Features various access control software exhibited at the 1997 Computer Security Conference & Exhibition held in Washington, D.C. Includes EagleEye Control Software's Control-SA; Platinum Technology Inc.'s AutoSecure Single Sign-On 5.0.

  • 'Password' is a bad password.  // Office Professional;Jun2011, Vol. 31 Issue 6, p5 

    The article offers tips on how to improve a password to prevent hackers from getting into a user's email.

