History-based access control
In computer security, history-based access control (HBAC) is a form of access control. Access control in computer security depends on the relationship between objects (system files, devices) and the rights associated with subjects (users, networks, groups) to perform operations (such as reading or writing) on those objects.
HBAC derives the rights of a program (itself a form of object) from a selective history of the requests made to and by that program, in order to decide which future requests are safe and which are potentially dangerous.[1] A program that has a history of requesting sensitive data must be safeguarded by preventing subjects from attempting sensitive operations on it, such as accessing the program directly and possibly navigating through it to the sensitive data. Conversely, a program with a history of being requested by public users must be prevented from accessing sensitive data, since such a program is an easier entry point for malicious code.
The location and identity of a program, together with the attributes of any of the program's running code, decide what is a safe versus a potentially dangerous request and how HBAC policy can be defined for a particular system. One of the most important attributes of the code is its origin (loaded from a local disk, digitally signed by a trustworthy party, or fetched from an insecure Internet website). Running code is defined as any process currently on a computer's stack or any process that has been called and successfully executed. Example: if program A calls B, B returns, and then A calls C, the rights of C depend on the attributes of A, B, and C.[2]
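As an added illustration (not code from the cited papers or from the Deeds system), the following Python sketch of a history-based reference monitor computes the rights of running code as the intersection of the static rights of every code unit in the execution history, so in the A, B, C sequence above a unit fetched from the Internet keeps constraining C even after it has returned; a second, request history enforces the two rules stated above for programs that have read sensitive data or have been requested by public users. The origin names, right names and rights table are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: static rights granted by code origin (assumed values, not from the papers).
ORIGIN_RIGHTS = {
    "local_disk": {"read_public", "read_sensitive", "network"},
    "signed":     {"read_public", "read_sensitive", "network"},
    "internet":   {"read_public"},
}

@dataclass(frozen=True)
class CodeUnit:
    name: str
    origin: str

class HistoryMonitor:
    """Reference monitor keeping two histories per program: the code units that have
    executed (including ones that already returned) and the requests made to or by it."""
    def __init__(self, policy=ORIGIN_RIGHTS):
        self.policy = policy
        self.executed = {}   # program -> list of CodeUnit that ran under it
        self.events = {}     # program -> set of recorded request kinds

    def run(self, program, unit):
        # Execution history only grows: a unit that returned still constrains rights.
        self.executed.setdefault(program, []).append(unit)

    def effective_rights(self, program):
        # Rights are the intersection of the static rights of every unit in the history.
        rights = None
        for unit in self.executed.get(program, []):
            static = self.policy[unit.origin]
            rights = set(static) if rights is None else rights & static
        return rights or set()

    def request(self, program, op, subject="owner"):
        """Return (allowed, reason) and record the request in the program's history."""
        hist = self.events.setdefault(program, set())
        if subject == "public":
            hist.add("requested_by_public")   # a denied request is still a request
        # Request-history rules: a program touched by public users may not reach sensitive
        # data; a program that read sensitive data may no longer be invoked by public subjects.
        if op == "read_sensitive" and "requested_by_public" in hist:
            return False, "program has been requested by public users"
        if op == "invoke" and subject == "public" and "read_sensitive" in hist:
            return False, "program has a history of reading sensitive data"
        if op != "invoke" and op not in self.effective_rights(program):
            return False, f"{op} not granted by execution history"
        hist.add(op)
        return True, "allowed"
```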
History-based access control models were first formally defined by Edjlali (1998);[1] see also Abadi and Fournet (2003).[2]
The original implementation of HBAC was a Java-based mechanism called Deeds, created by Edjlali, Acharya, and Chaudhary to show that HBAC policies can be changed succinctly while the controlled programs are running.
See Also
- Attribute-based access control
- Bell–La Padula model
- Biba Model
- Capability-based security
- Computer security model
- Context-based access control
- Discretionary access control
- Graph-based access control
- Lattice-based access control
- Location-based authentication
- Mandatory access control
- Organisation-based access control
- Risk-based authentication
- Role-based access control
- Rule-set-based access control
References
- [1] Edjlali, Guy; Acharya, Anurag; Chaudhary, Vipin (1998-11-01). "History-based access control for mobile code". Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS '98). San Francisco, California, USA: Association for Computing Machinery: 38–48. doi:10.1145/288090.288102. ISBN 978-1-58113-007-2.
- [2] Abadi, Martín; Fournet, Cédric (February 2003). "Access Control based on Execution History" (PDF). 10th Annual Network and Distributed System Security Symposium (NDSS '03) – via University of California at Santa Cruz.
This article "History-based access control" is from Wikipedia.
