Active access control (AAC) with fine‐granularity and scalability

Abstract

AbstractStrong access control mechanisms become most critical when we need security services in large‐scale computing environments of sensitive organizations. Furthermore, if users join or leave such computing environment frequently, requiring different access control decisions based on their current job responsibilities and contexts, the need for advanced access control is pressing. Although the currently available access control approaches have a great potential for providing reliable service, there are still critical obstacles to be solved, especially in large‐scale, dynamic computing environments. In this paper we introduce an advanced access control mechanism, Active Access Control (AAC), which accounts for the ability to make dynamic access control decisions based not only on pre‐defined privileges, but also on the current situation of the user. The framework of the proposed AAC approach provides fine‐grained access control, by considering a variety of attributes about the user and the current computing environment, especially, when the users contexts are frequently changed. Although the outputs of the AAC approach can be integrated with any other existing access control mechanisms and improve the overall fine‐granularity, as a full demonstration of our approach for fine‐granularity as well as scalability, in this particular paper we focus on large‐scale computing environments and integrate the AAC results with the role‐based approach. Finally, in order to prove the feasibility of our proposed idea we implement the AAC approach with roles and discuss the evaluation results with existing approaches. Copyright © 2010 John Wiley & Sons, Ltd.