Abstract

Access control is fundamental and a prerequisite for governing and safeguarding information assets within an organisation. Organisations generally use web-enabled remote access coupled with application access distributed across various networks, and face challenges including an increased operational burden and monitoring difficulties caused by the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaboration means that in one context a user should have access to sensitive information while in another context that access should not apply. Current access control models are static and lack dynamic Segregation of Duties (SoD), task-instance-level segregation, and real-time decision making. This paper addresses these limitations and supports access management in a borderless network environment with dynamic SoD capability for real-time access control decision making and policy enforcement. The research makes three contributions: i) defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) model using the existing task and workflow concepts; it integrates dynamic SoD with task-instance restriction to ensure overall access governance and accountability, and enhances existing access control models such as RBAC by dynamically granting users access rights and providing access governance; ii) extending the OASIS XACML policy language standard to support the dynamic access control requirements and enforce the access control rules for real-time decision making, to mitigate access control risks such as escalation of privilege in broken access control and insufficient logging and monitoring; iii) implementing the model using the open source Balana policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, handling a relatively large number of complex requests, and able to meet the requirements of dynamic access control.
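The task-instance-level dynamic SoD of contribution (i), as an added illustration that is not the paper's code: a toy policy decision point that lets a user hold both roles (static RBAC permits) but denies the `approve` task on a workflow instance whose `submit` that same user performed, and records every decision for audit. The loan workflow, role names, task names and reason codes are assumed.

```python
"""Toy policy decision point modelling dynamic, task-instance-level
Segregation of Duties (SoD) in the style of AW-TRBAC.
Added illustration, not the paper's implementation; the workflow, roles
and reason codes below are assumed."""
from dataclasses import dataclass, field

# Assumed workflow: a loan request is 'submit'ted, then 'approve'd.
# Static RBAC: which tasks each role may perform.
ROLE_TASKS = {"clerk": {"submit"}, "manager": {"approve"}}
# Dynamic SoD: tasks that must not be done by the same user on the
# SAME workflow instance (a user may still hold both roles).
SOD_PAIRS = {("submit", "approve")}


@dataclass
class PDP:
    user_roles: dict                                  # user -> set of roles
    history: dict = field(default_factory=dict)       # instance -> {task: user}
    log: list = field(default_factory=list)           # audit trail of decisions

    def decide(self, user, task, instance):
        """Return 'Permit' or 'Deny' for user performing task on instance.

        The decision is made in real time against the instance history, so
        the same user/task pair can be permitted on one instance and denied
        on another."""
        roles = self.user_roles.get(user, set())
        static_ok = any(task in ROLE_TASKS.get(r, set()) for r in roles)
        done = self.history.setdefault(instance, {})
        conflict = any(
            (done.get(a) == user and task == b) or (done.get(b) == user and task == a)
            for a, b in SOD_PAIRS
        )
        decision = "Permit" if static_ok and not conflict else "Deny"
        reason = "no-role" if not static_ok else ("dynamic-sod" if conflict else "ok")
        # Every decision is logged, permit or deny, so that escalation
        # attempts and SoD violations are visible to monitoring.
        self.log.append((instance, user, task, decision, reason))
        if decision == "Permit":
            done[task] = user       # bind this task instance to the actor
        return decision
```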

Highlights

  • Identity and access management (IAM) is a framework for business processes that facilitates the management of legitimate user identities and access control over business-sensitive assets

  • Other research has considered approaches at the decentralised, granular level of entitlements, such as Role Based Access Control (RBAC) (Rajpoot et al. [27]), Attribute Based Access Control (ABAC) (Biswas et al. [3]), XACML (OASIS, 2010), and Risk Adaptive Access Control (RAdAC) (Farroha and Farroha [7])

  • An XACML-based policy language has been adopted to express the requirements as policies validated against IT workflow tasks, and APIs integrate the AW-TRBAC model with the WSO2 product service to provide the additional capabilities, dynamic segregation of duties (SoD) and IR, that are not currently supported by the Balana engine


Summary

Introduction

Identity and access management (IAM) is a framework for business processes that facilitates the management of legitimate user identities and access control over business-sensitive assets.

The proposed AW-TRBAC

The proposed Authorising Workflow Task Role Based Access Control (AW-TRBAC) model considers granting users access rights through role change in a dynamic context.
