An Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC

Abstract. The universal adoption of the Internet requires a fine grained access control in the sharing of sensitive resources. However, existing access control mechanisms are inflexible and do not help in alleviating the management task of administrating users' access to resources based on security policies. In this paper, we propose an approach to implement fine-grained access control based on RBAC while considering specific context constraints. The approach is object-dependent and policy-enforced through binding policies to particular object. In the policies, context constraints are incorporated to support separation of duties (SoD). Furthermore, the implement of the approach is described in detail and an application to meet specific access control requirements of comprehensive knowledge management system in an aviation enterprise is presented