Show simple item record

dc.contributor.authorKayes, ASM
dc.contributor.authorHan, Jun
dc.contributor.authorRahayu, Wenny
dc.contributor.authorDillon, Tharam
dc.contributor.authorIslam, Md Saiful
dc.contributor.authorColman, Alan
dc.date.accessioned2019-05-29T12:36:25Z
dc.date.available2019-05-29T12:36:25Z
dc.date.issued2019
dc.identifier.issn0010-4620
dc.identifier.doi10.1093/comjnl/bxy065
dc.identifier.urihttp://hdl.handle.net/10072/380471
dc.description.abstractIn today’s dynamic ICT environments, the ability to control users’ access to information resources and services has become ever important. On the one hand, it should provide flexibility to adapt to the users’ changing needs, while on the other hand, it should not be compromised. The user is often faced with different contexts and environments that may change the user’s information needs. To allow for this, it is essential to incorporate the dynamically changing context information into the access control policies to reflect different contexts and environments through the use of a new context-aware access control (CAAC) approach with both dynamic associations of user-role and role-permission capabilities. Our proposed CAAC framework differs from the existing access control frameworks in that it supports context-sensitive access control to information resources and dynamically re-evaluates the access control decisions when there are dynamic changes to the context. It uses the dynamic context information to specify the user-role and role-permission assignment policies. We first present a formal policy model for our framework, specifying CAAC policies. Using this model, we then introduce a policy ontology for modeling CAAC policies and a policy enforcement architecture which supports access to resources according to the dynamically changing context information. In addition, we demonstrate the feasibility of our framework by considering (i) the completeness, correctness and consistency of the ontology concepts through application to healthcare scenarios and (ii) the performance and usability testing of the framework when using desktop and mobile-based prototypes.
dc.description.peerreviewedYes
dc.languageEnglish
dc.language.isoeng
dc.publisherOxford University Press
dc.publisher.placeUnited Kingdom
dc.relation.ispartofpagefrom1
dc.relation.ispartofpageto36
dc.relation.ispartofjournalComputer Journal
dc.subject.fieldofresearchInformation and computing sciences
dc.subject.fieldofresearchCybersecurity and privacy not elsewhere classified
dc.subject.fieldofresearchInformation systems organisation and management
dc.subject.fieldofresearchcode46
dc.subject.fieldofresearchcode460499
dc.subject.fieldofresearchcode460908
dc.titleA Policy Model and Framework for Context-Aware Access Control to Information Resources
dc.typeJournal article
dc.type.descriptionC1 - Articles
dc.type.codeC - Journal Articles
dc.description.versionAccepted Manuscript (AM)
gro.description.notepublicThis publication has been entered into Griffith Research Online as an Advanced Online Version.
gro.rights.copyright© 2018 Oxford University Press. This is a pre-copy-editing, author-produced PDF of an article accepted for publication in The Computer Journal following peer review. The definitive publisher-authenticated version A Policy Model and Framework for Context-Aware Access Control to Information Resources, The Computer Journal, bxy065, 2018 is available online at: https://doi.org/10.1093/comjnl/bxy065.
gro.hasfulltextFull Text
gro.griffith.authorIslam, Saiful


Files in this item

This item appears in the following Collection(s)

  • Journal articles
    Contains articles published by Griffith authors in scholarly journals.

Show simple item record