Abstract
e-Government services require intensive information exchange and interconnection among governmental agencies to provide specialized online services and allow informed decision-making. This could compromise the integrity, confidentiality, and/or availability of the information being exchanged. Government agencies are accountable and liable for the protection of information they possess and use on a least privilege security principle basis even after dissemination. However, traditional access control models are short of achieving this as they do not allow dynamic access to unknown users to the system, they do not provide security controls at a fine-grained level, and they do not provide persistent control over this information. This paper proposes a novel secure access control model for cross-governmental agencies. The secure model deploys a Role-centric Mandatory Access Control MAC (R-MAC) model, suggests a classification scheme for e-Government information, and enforces its application using XML security technologies. By using the proposed model, privacy could be preserved by having dynamic, persistent, and fine-grained control over their shared information.
Highlights
Electronic government (i.e. e-Government) refers to the use of Information and Communication Technologies (ICTs) to provide citizens with access to the country’s public services [1]
This paper proposes an access control model for e-Government’s connected web services to the Government Service Bus (GSB) using an access control model that would achieve least privilege principle, and as stated by the Saudi e-government law, it is centred on the security of outsourced governmental data used within GSB to provide specialized online services
This paper proposes an access control model that overcomes the limitations of traditional access control models by combining features from Mandatory Access Control (MAC) and Role-based Access Control (RBAC) and by giving clearances to roles rather than individual users to give it more flexibility and better expression of application-level security
Summary
Electronic government (i.e. e-Government) refers to the use of Information and Communication Technologies (ICTs) to provide citizens with access to the country’s public services [1]. According to Resolution 40 of the Saudi Ministers’ Council, “Information and data relevant to the user or applicant for a government service shall be viewed only by authorized persons” [10] This rule clearly states that all information systems used for the collection, transformation, processing, and/or manipulation of e-Government information must enforce appropriate information security controls to maintain the right balance between this information’s availability, confidentiality, and integrity. This paper proposes an access control model (named RMAC) for e-Government’s connected web services to the GSB using an access control model that would achieve least privilege principle, and as stated by the Saudi e-government law, it is centred on the security of outsourced governmental data used within GSB to provide specialized online services. Web services do not have any predefined security model, and require the additional implementation of techniques to protect exchanged information [28], as well as the deployment of a framework that enforces a strong security architecture [30]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
