The Secure Role Based Mission System (SRBMS)

  • Eduard Babulak The Institute of Management and Business in Ceske Budejovice
  • Waqas Ahmed
  • Cen Dai
  • Chen Pan
  • Amanuel Hailu

Abstract

Given the current and future development of computerization and information and communications infrastructures, organizations face more and more challenges in securing their information assets and information flows, both within the organization and globally via the Internet. Ubiquitous access to the Internet introduces new challenges for secure access control systems that provide access authorization at any time, from anywhere and by anyone.

This paper discusses the development of Role Based Access Control (RBAC) used for a secure web system. The proposed system authenticates authorized users according to their level of trust, while providing them with proper access to specific task(s) or assignment(s) within the organization.

The SRBMS is an extended RBAC model that facilitates alternative ways to distinguish between user authentication and access hierarchies. It keeps track of logging, while back-tracking the recent activities performed by authorized personnel who access the online resources, on-site or remotely, via the web interface.

The paper presents an enhanced RBAC model which provides user authentication and authorisation based on users' position and function within the organization. While being consistent with the ANSI RBAC standard, the SRBMS model provides secure access to online resources based on users' specific roles within the organisation, via a secure web interface that restricts account access to authorized users only.

The main contribution of the paper is to provide a solution to protect any government, military or business organization, which utilizes Web-URL Security with Database Level Security.

Author Biography

Eduard Babulak, The Institute of Management and Business in Ceske Budejovice
Professor Eduard Babulak is an accomplished international scholar, researcher, consultant, educator, professional engineer and polyglot, with more than thirty years of experience. He served as successfully published and his research was cited by scholars all over the world. He served as Chair of the IEEE Vancouver Ethics, Professional and Conference Committee.

He was an Invited Speaker at the University of Cambridge, MIT, Yokohama National University and University of Electro Communications in Tokyo, Japan, Shanghai Jiao Tong University, Sungkyunkwan University in Korea, Penn State in USA, Czech Technical University in Prague, University at West Indies, Graz University of Technology, Austria, and other prestigious academic institutions worldwide.

His academic and engineering work was recognized internationally by the Engineering Council in UK, the European Federation of Engineers and credited by the Ontario Society of Professional Engineers and APEG in British Columbia in Canada. He was awarded the higher postdoctoral degree DOCENT - Doctor of Science (D.Sc.) in the Czech Republic, Ph.D., M.Sc., and High National Certificate (HNC) diplomas in the United Kingdom, as well as the M.Sc. and B.Sc. diplomas in Electrical Engineering in Slovakia.

He is a Fellow of the Royal Society RSA, London, UK; Chartered Fellow, Mentor and Member of the ELITE Group of the British Computer Society, London, UK; 2013-2014 Invited Panel Member for the DoD & National Science Foundation Graduate Research Fellowship Program, USA; Expert Consultant for HORIZON 2020 & CORDIS FP6 - FP7 European Commission, Brussels, Belgium; Mentor and Senior Member of the IEEE and ACM, USA; Nominated Fellow of the Institution of Engineering and Technology, London, UK and Distinguished Member of the ACM, USA; Chartered Member of the IET, London, UK; Professional Member of American Society for Engineering Education, American Mathematical Association and Mathematical Society of America, USA.

Professor Babulak communicates in 14 languages and his biography was cited in the Cambridge Blue Book, Cambridge Index of Biographies and a number of issues of Who’s Who.


Published
2016-01-25
How to Cite
Babulak, E., Ahmed, W., Dai, C., Pan, C., & Hailu, A. (2016). The Secure Role Based Mission System (SRBMS). Journal of the Institute of Industrial Applications Engineers, 4(1), 50. https://doi.org/10.12792/jiiae.4.50
Section
Articles