Contributions to access control: continuous access and attribute-level interoperation

• Autores: Carles Martínez García
• Directores de la Tesis: Guillermo Navarro-Arribas (dir. tes.) , Joan Borrell i Viader (dir. tes.)
• Lectura: En la Universitat Autònoma de Barcelona ( España ) en 2011
• Idioma: inglés
• Tribunal Calificador de la Tesis: Josep Rifa Coma (presid.) , Joaquín García Alfaro (secret.) , Oscar Cánovas Reverte (voc.)
• Enlaces
  • Tesis en acceso abierto en: TESEO
• Resumen

  • Computerized access control is founded on some assumptions that limit its application in concrete environments. First of all, the standardization of access control models built on a poor understanding of access. Access has been historically considered binary in the sense that access is permitted or it is not. However, there are operations that can be executed through a variable execution level. That is the case of QoS-subjected actions, for example, where the resources put on serving an access conditions the quality of the access itself. As quality of access is, indeed, an access control regulation, the access decision could be formulated in terms of the authorized access level rather than through simple permit/deny decisions. A second assumption lies in the form in which users are related with authorization-relevant information. Authorization-relevant information are facts like who the user is, which characteristics the user has or what the user owns. However, this information may be parametrized. Uncertainty, trust, seniority or risk are just few examples. This semantics should be taken into account along the authorization process. In this thesis we present FRBAC, an access control model which breaks with this two assumptions, and we demonstrate its applicability in different scenarios, paying special attention to the multi-domain environment. We also propose a collaboration mechanism which enables the interoperation between heterogeneous access control models and it is compatible with FRBAC.