A Novel Role-Based-Access-Control(RBAC) Framework and Application

In recent time, RBAC has gained and kept a dominant stage of AC(access control) in the research area and industry, respectively. Over the time, needs for risk awareness in AC has paid special attention. Even though, role based access control conquers risk via inner features, a quantified method of risk awareness has been proposed as a leading and fascinating research topic due to its inherent flexibility. In this approach, risk-cost metrics are calculated for different entities involved in AC such as users and related objects and a risk threshold restricts the permissions which could be exercised. The quantified methodology arranges dynamism in access decisions procedure based on contexts-situations such as an worker accessing sensitive files through a work computer versus accessing using her own device. In this paper, we compare the difference between the traditional risk mitigation and the recent quantified risk-aware approaches in RBAC and propose a framework for introducing risk-awareness in RBAC models that incorporates quantified-risk. We also provide a formal specification of an adaptive risk-aware RBAC model by enhancing the NIST core RBAC model.