An efficient fine grained access control scheme based on attributes for enterprise class applications

Abstract

Fine-grained access control is used to assign unique access privilege to a particular user for accessing any particular enterprise class application for which he/she is authorized. The existing mechanisms for restricting access of users to resources are mostly static and not fine grained. Those are not well-suited for the enterprise class applications where information access is dynamic and ad-hoc in nature. As a result, we need to design an effective fine grained access as well as authorization control scheme to control access to objects by evaluating rules against the set of attributes given both for the users and application objects. In this paper, we propose a new fine grained access and authorization control scheme based on attributes which is suitable for large enterprise class applications. The strengths of our proposed scheme based on attributes are that it provides fine grained access control with its authorization architecture and policy formulation based on attribute based access tree. In comparison with the role based access control (RBAC) approach, in this scenario there is no need to explicitly define any roles. Here, based on user access tree any user can get access to any particular application with full granularity.