ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
Computers & Security
Volume 26, Issue 2, March 2007, Pages 120-129
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (572 K)

  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (0)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/j.cose.2006.08.006    How to Cite or Link Using DOI (Opens New Window)
Copyright © 2006 Elsevier Ltd All rights reserved.

Clustering subjects in a credential-based access control framework

K. StoupaCorresponding Author Contact Information, a, E-mail The Corresponding Author and A. Vakalia, E-mail The Corresponding Author

aAristotle University of Thessaloniki, Thessaloniki, Greece

Received 5 November 2005; 
revised 5 July 2006; 
accepted 3 August 2006. 
Available online 26 September 2006.

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

Currently, access control of distributed Internet resources (such as files, documents and web services) has become extremely demanding. Several new access control models have been introduced. Most of the proposed approaches increase the complexity of the access control procedure and at the same time expressing these models is becoming complicated. Improving the execution time of the access control procedures is a challenging task due to the increased number of resources (available over the Internet) and the size of the audience involved. In this paper, we introduce an approach for speeding up the access control procedure under an environment accessed by known subjects (i.e. subjects whose identity and attributes are known apriori through a subscription phase). This approach is based on some update functions (employed at the background during idle times) over files which are associated with subjects. The core task of the proposed update is its dynamic nature and its clustering of subjects according to their interests and credentials. Moreover, this work associates subjects with security policies that are most likely to be triggered according to (the subjects) interests. Credential-based access control is considered to properly protect frameworks distributing resources to known subjects and here emphasis is given to the complexity involved in order to decrease the access request evaluation time under a credential-based access control framework.

Keywords: Access control; Clustering users; Credentials; XML-based access control; Access request evaluation time

Article Outline

1. Introduction
2. An access control scenario
3. The dynamic update approach
3.1. Structure of the files involved
3.2. Clustering of subjects
3.3. The access request evaluation process
4. Complexity analysis of access request evaluation procedure
4.1. Calculating complexities for each task
4.1.1. Policy evaluation function (Fig. 5)
4.1.2. Task 1: find the subject policy file associated with the requesting subject
4.1.3. Task 2: (scanSubjectPolicyFile – Fig. 6(a))
4.1.4. Task 3: (scanPolicyBase – Fig. 6(b))
4.1.5. Task 4: sending reply to the access control module
4.2. Overall complexity of the access request evaluation process
5. Conclusions and future work
References
Vitae







Computers & Security
Volume 26, Issue 2, March 2007, Pages 120-129
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.