IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v26y2024i6d10.1007_s10796-021-10167-z.html
   My bibliography  Save this article

A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis

Author

Listed:
  • Mahendra Pratap Singh

    (Indian Institute of Technology Kharagpur)

  • Shamik Sural

    (Indian Institute of Technology Kharagpur)

  • Jaideep Vaidya

    (Rutgers University)

  • Vijayalakshmi Atluri

    (Rutgers University)

Abstract

Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μ z tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.

Suggested Citation

  • Mahendra Pratap Singh & Shamik Sural & Jaideep Vaidya & Vijayalakshmi Atluri, 2024. "A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis," Information Systems Frontiers, Springer, vol. 26(6), pages 2255-2272, December.
    • Handle: RePEc:spr:infosf:v:26:y:2024:i:6:d:10.1007_s10796-021-10167-z
    DOI: 10.1007/s10796-021-10167-z
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-021-10167-z
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-021-10167-z?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Martin (Dae Youp) Kang & Anat Hovav, 2020. "Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation," Information Systems Frontiers, Springer, vol. 22(1), pages 221-242, February.
    2. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    3. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    4. Hadi Karimikia & Narges Safari & Harminder Singh, 2020. "Being useful: How information systems professionals influence the use of information systems in enterprises," Information Systems Frontiers, Springer, vol. 22(2), pages 429-453, April.
    5. Dimosthenis Anagnostopoulos & Thanos Papadopoulos & Teta Stamati & Maria Elisavet Balta, 2020. "Policy and Information Systems Implementation: the Greek Property Tax Information System Case," Information Systems Frontiers, Springer, vol. 22(4), pages 791-802, August.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    2. Victoria Kisekka & Sanjay Goel, 2023. "An Investigation of the Factors that Influence Job Performance During Extreme Events: The Role of Information Security Policies," Information Systems Frontiers, Springer, vol. 25(4), pages 1439-1458, August.
    3. Yang Zhao & Yixuan Li & Ning Wang & Ruoxin Zhou & Xin (Robert) Luo, 2022. "A Meta-Analysis of Online Impulsive Buying and the Moderating Effect of Economic Development Level," Information Systems Frontiers, Springer, vol. 24(5), pages 1667-1688, October.
    4. Kavita Rawat & Sunita Kumar, 2022. "A Meta-Analysis on the Determinants of Online Product Reviews with Moderating Effect of Product Type," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 11, November.
    5. Rao Faizan Ali & P.D.D. Dominic & Kashif Ali, 2020. "Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees," Sustainability, MDPI, vol. 12(20), pages 1-27, October.
    6. Zhang, Jinsui & Hu, Min & Jia, Yusheng & Gu, Yuanyuan & Chen, Wen, 2024. "How should regulatory schemes be optimized to enhance deterrence against medical insurance fraud by enrollees? Evidence from a discrete choice experiment in China," Social Science & Medicine, Elsevier, vol. 354(C).
    7. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    8. Jeewon Cho & Insu Park, 2022. "Does Information Systems Support for Creativity Enhance Effective Information Systems Use and Job Satisfaction in Virtual Work?," Information Systems Frontiers, Springer, vol. 24(6), pages 1865-1886, December.
    9. Kuttimani Tamilmani & Nripendra P. Rana & Yogesh K. Dwivedi, 2021. "Consumer Acceptance and Use of Information Technology: A Meta-Analytic Evaluation of UTAUT2," Information Systems Frontiers, Springer, vol. 23(4), pages 987-1005, August.
    10. Pankaj Dikshit & M. P. Gupta & Arpan Kumar Kar & B. Chandra, 2022. "Taxation transformation of businesses enabled by information systems: an empirical study of Goods and Services Tax implementation in India," SN Business & Economics, Springer, vol. 2(9), pages 1-26, September.
    11. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    12. Soomin Park & Junghoon Moon & Cheul Rhee & Young-Chan Choe, 2023. "Understanding Online Music Piracy Behavior via Private Communication Channels," Information Systems Frontiers, Springer, vol. 25(6), pages 2377-2392, December.
    13. Farkhondeh Hassandoust & Angsana A. Techatassanasoontorn & Felix B. Tan, 2024. "Importance of IT and Role Identities in Information Systems Infusion," Information Systems Frontiers, Springer, vol. 26(1), pages 333-367, February.
    14. Roozmehr Safi & Glenn J. Browne, 2023. "Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects," Information Systems Frontiers, Springer, vol. 25(3), pages 1277-1292, June.
    15. Kuttimani Tamilmani & Nripendra P. Rana & Yogesh K. Dwivedi, 0. "Consumer Acceptance and Use of Information Technology: A Meta-Analytic Evaluation of UTAUT2," Information Systems Frontiers, Springer, vol. 0, pages 1-19.
    16. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    17. Alessandro Acquisti & Tamara Dinev & Mark Keil, 2019. "Editorial: Special issue on cyber security, privacy and ethics of information systems," Information Systems Frontiers, Springer, vol. 21(6), pages 1203-1205, December.
    18. Chul Woo Yoo & Inkyoung Hur & Jahyun Goo, 2023. "Workgroup Collective Efficacy to Information Security Management: Manifestation of its Antecedents and Empirical Examination," Information Systems Frontiers, Springer, vol. 25(6), pages 2475-2491, December.
    19. Jason A. Williams & Saurabh Gupta, 2025. "Integrating the IT Use Literature: Construct Validity and a Holistic Nomological Framework," Information Systems Frontiers, Springer, vol. 27(2), pages 563-583, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:26:y:2024:i:6:d:10.1007_s10796-021-10167-z. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.