Hide/Show Apps

Design and implementation of a hybrid and configurable access control model

Turan, Uğur
A hybrid and configurable access control model is designed to satisfy the requirements of using different access control models in the same schema. The idea is arised to completely combine and configure the two main access control models, discretionary and mandatory which have been widely used in many systems so far with their advantages and disadvantages. The motivation originates from the fact that; in real life usage, discretionary based systems needs some strict policies and mandatory based systems needs some flexibility. The model is designed to combine these two appoaches in a single and configurable model, with some required real life extensions, in a conflictfree fashion and configurable degree of combination. Implementation of the model has been done and main important cases which shows the power and expressiveness of the model are designed and implemented. The authorization process is in the responsibility of the model which can be combined with secured authentication and auditing schemas. The new approaches as Role-Based, Context-Based and Temporal access control can easily be embedded in the model due to its generic and modular design.