Abstract

A major development in the field of access control is the dominant role-based access control (RBAC) scheme. The appeal of RBAC lies in its enhanced security along with the concept of roles. In addition, attribute-based access control (ABAC), which is known for its dynamic behavior, has been added to the access control models. Separation of duty (SOD) is used to enforce the least privilege concept in RBAC and ABAC. Moreover, SOD is a powerful tool for protecting an organization from internal security attacks and threats. Different problems have been found in the implementation of SOD at the role level. This paper argues that implementing SOD at the level of roles is not a good option. Therefore, this paper proposes a hybrid access control model that implements SOD on the basis of permissions. The first part of the proposed model adds attributes with dynamic characteristics to the RBAC model, whereas the second part implements permission-based SOD in the dynamic RBAC model. Moreover, performance and feature analyses are performed in comparison with previous models to show the strength of the dynamic RBAC model. This model improves the performance of the RBAC model in terms of time, dynamicity, and automatic assignment of permissions and roles. At the same time, this model also reduces the administrator’s load and provides a flexible, dynamic, and secure access control model.

Highlights

  • One of the building blocks of information and network security is the access control that is used to give or revoke access to the resources of the organization [1]

  • When a role is declared as a mutually exclusive role (MER) to apply separation of duty (SOD), all of its permissions are affected, because all permissions become mutually exclusive permissions (MEP), as given in the role-based access control (RBAC) standard [9]

  • If we look at the SOD definition, we see that SOD is imposed to avoid conflict of interest (COI)


Summary

Introduction

One of the building blocks of information and network security is the access control that is used to give or revoke access to the resources of the organization [1]. A dynamic access control model has been proposed that when the number of users increases [17]. There are two main contributions of this paper. The first contribution is adding attributes to the typical RBAC model, which makes it a dynamic RBAC model. In this way, the assignment of permissions to roles and of roles to users is automatic. The declaration and assignment of conflicting and non-conflicting permissions are performed with the help of attributes. These permissions were declared and assigned manually in a typical RBAC model. The second contribution is the implementation of SOD at the level of permissions instead of the level of roles. In this way, the authority level of end users remains the same and the system will not violate SOD in our proposed model. Section six forms a conclusion and discusses the future direction of the paper.

Related Work
RBAC and ABAC Merger
SOD Implementation in Access Control Models
Hybrid Access Control
Access Control Flaws
The Decrease in RBAC User’s Authority Domain
RBAC End-Users Violation in SOD
Security Administrators Violation in SOD
Problems in RBAC and ABAC models
Overview
Dynamic RBAC Model
Permission-based SOD in Dynamic RBAC Model
Permission based
Formal Specification and Algorithm of Proposed Model
Decrease Load of Administrator
No Decrement in User’s Authority
No SOD Violation by the Users
Limitations
Implementation
Comparative Analysis
Feature
The feature
Findings
Conclusions and Future Directions