The Secure Role Based Mission System (SRBMS)
Given the current and future development of computerization and information communications infrastructures, organizations face more and more challenges in securing their information assets and information flow, both within the organization and globally via the Internet. Ubiquitous access to the Internet introduces new challenges for secure access control systems that provide access authorization at any time, from anywhere and by anyone.
This paper discusses the development of Role Based Access Control (RBAC) for a secure web system. The proposed system authenticates authorized users according to their level of trust, while providing them with proper access to specific task(s) or assignment(s) within the organization.
The SRBMS is an extended RBAC model that facilitates alternative ways to distinguish between user authentication and access hierarchies. It keeps track of logging, while back-tracking the recent activities performed by authorized personnel accessing the online resources on-site or remotely via the web interface.
The paper presents an enhanced RBAC model which provides user authentication and authorisation based on users' position and function within the organization. While being consistent with the ANSI RBAC standard, the SRBMS model provides secure access to online resources based on users' specific roles within the organisation, via a secure web interface that restricts account access to authorized users only. The main contribution of the paper is to provide a solution to protect any government, military or business organization, which utilizes Web-URL Security with Database Level Security.