Journal: Issues in Informing Science and Information Technology
Print ISSN: 1547-5840
Electronic ISSN: 1547-5867
Publication year: 2009
Volume: 6
Pages: 699-699
Publisher: Informing Science Institute
Abstract: Ensuring adequate security of information has been a growing concern of individuals and organizations.
There is thus a need to provide a suitable access control mechanism for preventing insider
abuses and ensuring appropriate use of resources. This paper presents an access control
scheme that adopts the techniques of Role-Based Access Control (RBAC), Purpose-Based Access
Control (PBAC), Time-Based Access Control (TBAC) and History-Based Access Control
(HBAC) as components to form an integrated Components-based Access Control Architecture
(CACA). In CACA, an Access Control Score (ACS) is computed from the combined access control
techniques. CACA also combines the ACS with the sensitivity of system resources before
a level of access is granted. The architecture was implemented within a payroll system developed
using Java and SQL. Using usability testing, the evaluation of CACA showed a 92% reduction
in insider abuses and misuse of privileges. This shows that CACA can provide a higher level
of security access than what previously existed.