Combined Fine-grained and Role-based Access Control Mechanism

Abstract

Different access control methods have been proposed to ensure data security in a computer system. Approaches to access control include role-based access control and fine-grained access control. However these systems suffer from complexity or inadequate security. Although the role-based access control is efficient in terms of the overheads related to security it is not as secure as fine-grained access control. On the other hand fine-grained access control is secure, but very inefficient for storing access information. To solve this problem, we propose a combined fine grained-role based access control system. A graph representation is used to capture the combined model. Furthermore, in this thesis we propose a combined system which caters for the following: - System with one user and one role - System with one user and multiple roles - System with multiple users and one role - System with multiple users and multiple roles. Formal Graph Merging operations for the above four scenarios have been defined. The merging operation merges a graph representing the fine-grained system with a graph representing the role based system to generate a new graph model of the combined role-based fine-grained system. The combined system introduces the new rules for access control based on the above four categories. Simulation results show that the combined system has the efficiency of the role-based access control and at the same time, the security of the fine-grained control system. . A formal grammar in introduced to capture the access control for the combined system. Future works will involve implementing the proposed system in a real world environment.