出版社:Academy & Industry Research Collaboration Center (AIRCC)
摘要:Role-Based Access Control (RBAC) is the most commonly used model on web applications. The
advantages of RBAC are the ease of understanding, applying and managing privileges. The static
RBAC model cannot alter access permission in real-time without human involvement and therefore
the model suffers from increasing false negative (and/or false positive) outcomes. Hence, the
Attribute-Based Access Control (ABAC) model has been proposed to introduce dynamicity and
minimize human involvement in order to enhance security. WordPress is a very popular Role-Based
content management system. To our best knowledge, no solution to merge from RBAC to ABAC model
for WordPress applications has been found. Our contribution is a WordPress plug-in that we have
developed to build ABAC upon the existing RBAC setups. In this journey, we have investigated
various scenarios by studying different application categories to come up with an enhanced automatic
model that adds real-time grant and revoke feature to WordPress.
