RPPM: A Relationship-Based Access Control Model Utilising Relationships, Paths and Principal Matching

James Sellwood

Research output: Thesis › Doctoral Thesis

Abstract

Since their introduction, the use (and abuse) of computer systems has grown astronomically, and consequently so has the need to manage the sharing of data between users, processes and systems. Within a computer it is the access control system, implementing a formally defined access control model, which is responsible for enacting the security policies to prevent unauthorized disclosure, manipulation, and deletion of system and user data. I begin this thesis by discussing the background and development of key historical access control models, and by highlighting their features and limitations. In the remainder of this thesis I then present the design of a relationship-based access control model, called RPPM, which I introduce with the intention of addressing the limitations of existing models, and to accommodate richer types of access control policy.

My contribution to the body of knowledge is, therefore, the design of the RPPM access control model. RPPM is the first relationship-based access control model formally and fully designed for general computing applications, whether they comprise one or more isolated, networked or distributed systems. I first introduce a base functional RPPM model and subsequently introduce three sets of enhancements which provide incremental developments to the fundamental workings of RPPM; these enhancements increase the expressiveness of the base model's policy language, as well as introducing optimisations, such as caching, and support for history-based policies. I then introduce several enhancements focused on applying RPPM to general computing scenarios: administration and inter-operation. I demonstrate how all of these features may be consolidated into a single model which may then be applied to publish/subscribe architectures. Finally, I tailor this relationship-based publish/subscribe access control system to the Internet of Things, as this is a particularly topical and important application domain in need of security controls.

Original language: English
Qualification: Ph.D.
Awarding Institution:
  • Royal Holloway, University of London
Award date: 1 Nov 2017
Publication status: Published - 2017