A Novel Cyberspace-Oriented Access Control Model

With the developments of mobile communication, networks and information technology, many new information service patterns and dissemination modes emerge with some security and privacy threats in access control, i.e., the ownership of data is separated from the administration of them, secondary/mutiple information distribution etc. Existing access control models, which are always proposed for some specific scenarios, are hardly to achieve fine-grained and adaptive access control. In this paper, we propose a novel Cyberspace-oriented Access Control model, termed as CoAC, which avoids the aforementioned threats by comprehensively considering some vital factors, such as the access requesting entity, general tense, access point, resource, device, networks, internet-based interactive graph and chain of resource transmission. By appropriately adjusting these factors, CoAC covers most of typical access control models and fulfills the requirements of new information service patterns and dissemination modes. We also present the administrative model of our proposed CoAC model and formally describe the administrative functions and methods used in the administrative model by utilizing Z-notation. Our CoAC is flexible and scalable, it can be further refined and expanded to figure out new opportunities and challenges in the upcoming access control techniques

Author's personal copy Roles in information security e A survey and classification of the research area

Motivation The growing diffusion of information technologies within all areas of human society has increased their importance as a critical success factor in the modern world. However, information processing systems are vulnerable to many different kinds of threats that can lead to various types of damage resulting in significant economic losses. Consequently, the importance of Information Security has grown and evolved in a similar manner. In its most basic definition, Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The aim of Information Security is to minimize risks related to the three main security goals confidentiality, integrity, and availability e usually referred to as "CIA" c o m p u t e r s & s e c u r i t y 3 0 ( 2 0 1 1 ) 7 4 8 e7 6 9 0167-4048/$ e see front matter