Abstract

Role based access control (RBAC) is well known due to its high security and ease in management for permissions. But it also has some deficiencies like role structure complexity and having no dynamic behavior. Attribute based access control (ABAC) is a dynamic access control model that provides ease of role structuring. Analyzing roles and permissions after implementing access control model and its management is not easy in ABAC. In this paper, an access control model is developed that accumulates the strengths of RBAC and ABAC and also remove some of the deficiencies of above stated models. The proposed model implements and exploits the attributes of objects, permissions, roles, and users as foundation. Moreover the proposed model employs the role structuring ability of ABAC and tight security behavior of RBAC. We also implemented the proposed model and discussed with respect to a case study.