Study on Resource Access Management Method Based on Entropy Weighting Analysis in SSO System
Keywords:
Access control, Authentication, Entropy, Resource access, SSO
Abstract
The primary challenge for current information-protection systems is to correctly authenticate the users who access information systems and to build a matching access management system on top of that authentication. Single Sign-On (SSO) systems, which let one subscriber authentication grant access to services across many service systems, have seen increasingly wide deployment, and research has turned to improving access control by comprehensively analysing user behaviour across those systems. Because one SSO authentication unlocks every connected service, an access control scheme that is not secure puts all of the service systems at risk. Current approaches widely balance the flexibility and security of access control for service systems by using a degree of user confidence (a trust level). This study uses entropy weighting to evaluate user behaviour quantitatively and accurately, proposes on that basis an efficient resource access management method for SSO systems, and evaluates its performance, addressing the authentication and access control problem present in SSO systems.
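The entropy-weighting step described in the abstract, as an added worked example that is not the paper's own code and does not reproduce its exact formulation: it applies the standard entropy weight method (min-max normalisation of each behaviour indicator, Shannon entropy per indicator, weight proportional to one minus the entropy) to a constructed table of per-user behaviour indicators, turns the weighted sum into a user confidence score, and gates access to resources of different sensitivity on that score. The indicator names, user values, resource list and the 0.5/0.8 trust thresholds are assumptions chosen for illustration.

```python
import math
from typing import Dict, List, Sequence, Tuple

# Constructed sample (not real data): per-user behaviour indicators as an SSO
# server might aggregate them over an observation window.
INDICATORS = ("login_success_rate", "failed_logins_per_day",
              "off_hours_ratio", "mfa_completion_rate")
# True = higher is better (benefit indicator), False = lower is better (cost).
BENEFIT = (True, False, False, True)
USERS: Dict[str, Sequence[float]] = {
    "alice": (0.98, 0.5, 0.05, 1.0),
    "bob":   (0.90, 2.0, 0.20, 0.9),
    "carol": (0.60, 9.0, 0.70, 0.3),
    "dave":  (0.85, 3.0, 0.30, 0.8),
    "erin":  (0.95, 1.0, 0.10, 1.0),
}
# Assumed mapping of resources to the minimum trust level they require.
RESOURCE_MIN_LEVEL = {"public_wiki": "low", "ticketing": "medium", "payroll": "high"}
LEVEL_RANK = {"low": 0, "medium": 1, "high": 2}


def normalize(matrix: Sequence[Sequence[float]], benefit: Sequence[bool]) -> List[List[float]]:
    """Min-max normalise every column to [0, 1], inverting cost columns.

    A column whose values are all identical carries no information about the
    users; it is mapped to 1.0 so the entropy step assigns it zero weight.
    """
    m, n = len(matrix), len(matrix[0])
    cols = list(zip(*matrix))
    out = [[0.0] * n for _ in range(m)]
    for j in range(n):
        lo, hi = min(cols[j]), max(cols[j])
        for i in range(m):
            if hi == lo:
                out[i][j] = 1.0
            elif benefit[j]:
                out[i][j] = (matrix[i][j] - lo) / (hi - lo)
            else:
                out[i][j] = (hi - matrix[i][j]) / (hi - lo)
    return out


def entropy_weights(norm: Sequence[Sequence[float]]) -> List[float]:
    """Entropy weight method: w_j = (1 - e_j) / sum_k (1 - e_k),
    with e_j = -(1/ln m) * sum_i p_ij ln p_ij and p_ij = r_ij / sum_i r_ij."""
    m, n = len(norm), len(norm[0])
    if m < 2:
        raise ValueError("need at least two samples to compute entropy weights")
    k = 1.0 / math.log(m)
    divergence = []
    for j in range(n):
        col_sum = sum(row[j] for row in norm)  # > 0: every column has a 1.0 entry
        e = 0.0
        for row in norm:
            p = row[j] / col_sum
            if p > 0:                         # 0 * ln 0 is taken as 0
                e -= k * p * math.log(p)
        divergence.append(max(0.0, 1.0 - e))  # clamp float noise on uniform columns
    total = sum(divergence)
    if total <= 0:                            # every indicator constant: equal weights
        return [1.0 / n] * n
    return [d / total for d in divergence]


def evaluate_users(users: Dict[str, Sequence[float]] = USERS,
                   benefit: Sequence[bool] = BENEFIT) -> Tuple[List[float], Dict[str, float]]:
    """Return the indicator weights and each user's confidence score in [0, 1]."""
    names = list(users)
    norm = normalize([list(users[u]) for u in names], benefit)
    weights = entropy_weights(norm)
    scores = {u: sum(w * r for w, r in zip(weights, row)) for u, row in zip(names, norm)}
    return weights, scores


def trust_level(score: float) -> str:
    # Assumed thresholds; a deployment would tune these against its own data.
    return "high" if score >= 0.8 else "medium" if score >= 0.5 else "low"


def authorize(user: str, resource: str, scores: Dict[str, float]) -> bool:
    """Grant access only if the user's trust level meets the resource's minimum."""
    required = RESOURCE_MIN_LEVEL[resource]
    return LEVEL_RANK[trust_level(scores[user])] >= LEVEL_RANK[required]


if __name__ == "__main__":
    weights, scores = evaluate_users()
    for name, w in zip(INDICATORS, weights):
        print(f"{name:22s} weight={w:.3f}")
    for user, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{user:6s} score={s:.3f} level={trust_level(s)} "
              f"payroll={authorize(user, 'payroll', scores)}")
```

The weights come out of the data rather than from an administrator: an indicator on which all users look alike contributes nothing, and the most discriminating indicator dominates. A practitioner should note that the method therefore rewards whatever varies most in the observation window, so an attacker who can inflate variance in a low-value indicator can shift weight away from the indicators that matter; recomputing weights over a trusted baseline rather than over the live population limits that.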