Environments
MADHUSMITA ROUT (1,2), ER MIR MOHAMMAD YOUSUF (1,3)
1 Department of Computer Science and Engineering, Lovely Professional University, Phagwara, Punjab
2 msrout77@gmail.com
3 mir.23383@lpu.co.in
ABSTRACT
Managing a huge number of applications and provisioning user access has become a challenge
for every organization today. E-commerce is used in every industry to provide better service
with 24-hour availability to customers [1], but protecting data security and privacy is a
major issue. New technologies are being implemented to deal with the emerging security
threats. Authentication and access control are fundamental to keeping systems and data secure.
Access control minimizes the risk of unauthorized access to physical and logical systems: it
validates each request before granting a user any access, based on the type of request made to
services and data. Different kinds of security policies are used to implement an access
control system, and they differ in the requirements they place on allowing user access
[9,10]. From small-scale to large-scale industries, each prefers to deploy the kind of access
control mechanism that lets it maintain a secure system and govern user access on the basis
of its requirements and individual roles. In this paper we discuss why it has become
important to maintain secure access management in different types of organizations, the
issues regarding its configuration and management, and the corresponding solutions. Finally,
we analyze how the different mechanisms affect e-commerce.
KEYWORDS
access control, business roles, role engineering, role mining, security and privacy
1. INTRODUCTION
Many industries and businesses are competing intensely to dominate the market, but building
e-commerce into a business is the hardest part. The main goal is to maximize the benefits and
turnover of an industry. Since in e-commerce all business activities are carried out over
electronic media, the main concern is to deliver products and services as well as possible.
Hence, to build a reliable and efficient system, the system administrator has to analyze
different parameters for a better and more convenient system, with security policies provided
by a security analyst [1,3].
The e-commerce environment is quite different from the traditional one. Different frameworks
are introduced for developing an e-commerce application according to the requirements of
various platforms. A secure and confidential database is a primary concern: since everything
here is digital, safeguarding the business assets is the most important thing [2]. Choosing an
access control mechanism in this scenario is a challenge, as it involves cost and effort for
abundant resources and an optimization method, particularly in large distributed systems and
on the Internet. In access control, users are given privileges according to their roles and
responsibilities, by validating their identities against their requests; this is established
through various access control policies. If hierarchical access is implemented in an
organization, the problem becomes more complex [4].
So, the choice of an access control policy depends on the environmental requirements of the
organization, as these differ from system to system.
There are three main types of access control policy: Discretionary Access Control (DAC),
Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) [8,9].
Discretionary Access Control (DAC) is a type of access control in which the owner of a
resource determines who may access it: a user controls access only to the data they own, and
one user cannot change the access controls on a resource owned by another user. It is mostly
used in desktop operating systems, but it also increases risk, because each owner grants
access at their own discretion and there is no central point at which an organization-wide
policy is enforced.
Mandatory Access Control (MAC) is an access control method that grants access to resources
depending on the clearance level of the user. Only the system administrator, through the
system's security policy, can control or change access to resources; resource owners cannot.
MAC is the strictest of all levels of control and uses a hierarchical approach to accessing
resources. MAC assigns a security label to every subject and every resource object on the
system, consisting of two parts: a classification (a level such as TOP SECRET, SECRET or
CONFIDENTIAL) and a set of categories (compartments). Access is granted only when the
subject's label dominates the object's label: the subject's classification must be at least as
high as the object's, and the subject's categories must include every category attached to the
object. It is not enough for the two labels merely to match.
MAC provides the most secure access control environment, but good planning, effective
implementation and considerable system management effort are required to deploy it. Government
sectors mostly use MAC for strict security [9].
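The dominance rule above, as an added example that is not part of the paper: a small Python reference monitor in the Bell-LaPadula style, where a label is a classification plus a set of categories and a read is permitted only when the subject's label dominates the object's. The level ordering, the category names and the subject and object labels in the demo are assumptions made for illustration.

```python
"""Added example (not from the paper): minimal Mandatory Access Control with
labels of the form (classification, categories) and the lattice 'dominates'
relation.  Level names, categories and sample labels are assumptions."""
from dataclasses import dataclass, field

# Ordered classification levels, low to high (assumed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high in level AND carries every
        category of the other label.  This is a partial order, not equality:
        a SECRET/{FINANCE} subject dominates CONFIDENTIAL/{FINANCE} but not
        CONFIDENTIAL/{HR}, because the HR category is missing."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and other.categories <= self.categories)


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property ('no read up'): subject must dominate object."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property ('no write down'): object must dominate subject, so a highly
    cleared subject cannot copy data into a lower-classified object."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> bool:
    """Reference-monitor entry point.  The decision comes only from the labels;
    the object's owner has no say, which is what makes the control mandatory."""
    if op == "read":
        return may_read(subject, obj)
    if op == "write":
        return may_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    # Constructed sample labels for an e-commerce back office (assumptions).
    analyst = Label("SECRET", frozenset({"FINANCE"}))
    order_ledger = Label("CONFIDENTIAL", frozenset({"FINANCE"}))
    hr_file = Label("CONFIDENTIAL", frozenset({"HR"}))
    board_memo = Label("TOP SECRET", frozenset({"FINANCE"}))
    print(decide(analyst, order_ledger, "read"))   # True: level and categories dominate
    print(decide(analyst, hr_file, "read"))        # False: HR category not held
    print(decide(analyst, board_memo, "read"))     # False: read up
    print(decide(analyst, board_memo, "write"))    # True: writing up is allowed
    print(decide(analyst, order_ledger, "write"))  # False: write down
```

The point to notice is the second and fourth decisions: an equal or higher classification alone does not grant access (the category set must also be covered), and write access runs in the opposite direction to read access, so the check cannot be reduced to "labels must match".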
Role-Based Access Control (RBAC) is an access control mechanism defined in terms of roles and
privileges. Permissions are not managed per individual user: users are assigned to roles (job
functions), roles are assigned permissions (approval to perform an operation on an object), and
users acquire permissions only by being assigned to roles. Whether a user can perform an
operation depends on the roles activated in the user's session and the permissions associated
with those roles [8,9].
RBAC implements authorization account management across various organizations. Many
government and commercial sectors rely on RBAC because it meets their security policies. Roles
are decided by the organizational responsibilities and qualifications of users, and access
decisions are always based on roles. Roles are created for the various job functions. Three
primary rules are defined for RBAC: role assignment (a subject can execute an operation only
if it has selected or been assigned a role), role authorization (a subject's active role must
be one the subject is authorized to hold) and permission authorization (a subject can execute
an operation only if the operation is authorized for the subject's active role). Reassigning
roles and granting new permissions to users is easier with RBAC.
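The user/role/permission structure and the three rules described above, as an added example in Python that is not code from the paper or from reference [8]: a small RBAC reference monitor in which permissions hang off roles only, a user exercises them through a session with activated roles, and revoking a role takes effect in live sessions. All user, role, operation and object names are assumptions for the demo.

```python
"""Added example (not from the paper): minimal RBAC enforcing the three rules
of role assignment, role authorization and permission authorization through
sessions.  Users, roles, operations and objects are illustrative assumptions."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> roles assigned to the user
        self.role_perms = defaultdict(set)   # PA: role -> {(operation, object)}
        self.sessions = {}                   # session id -> (user, activated roles)

    # ---- administration: policy lives in UA and PA, never on individual users ----
    def assign_role(self, user, role):
        self.user_roles[user].add(role)

    def revoke_role(self, user, role):
        """Remove the assignment and deactivate the role in the user's live
        sessions, so revocation is effective now rather than at next login."""
        self.user_roles[user].discard(role)
        for sess_user, active in self.sessions.values():
            if sess_user == user:
                active.discard(role)

    def grant(self, role, operation, obj):
        self.role_perms[role].add((operation, obj))

    # ---- sessions: a user activates a subset of the roles assigned to them ----
    def open_session(self, sid, user, roles):
        wanted = set(roles)
        # Rule 2, role authorization: only roles assigned to the user may be activated.
        unauthorized = wanted - self.user_roles[user]
        if unauthorized:
            raise PermissionError(f"{user} is not assigned role(s) {sorted(unauthorized)}")
        self.sessions[sid] = (user, wanted)

    def check(self, sid, operation, obj):
        """Access decision for one request made within a session."""
        user, active = self.sessions[sid]
        # Rule 1, role assignment: with no active role the user holds no permissions.
        if not active:
            return False
        # Rule 3, permission authorization: the operation must be granted to an
        # activated role; assigned-but-inactive roles do not count (least privilege).
        return any((operation, obj) in self.role_perms[role] for role in active)

    def review(self):
        """Snapshot of UA for periodic review of accumulated assignments."""
        return {u: sorted(r) for u, r in self.user_roles.items() if r}


def demo():
    """Walk through a constructed web-shop scenario; returns the decisions."""
    rbac = RBAC()
    rbac.grant("order_clerk", "read", "orders")
    rbac.grant("order_clerk", "update", "orders")
    rbac.grant("finance_manager", "refund", "orders")
    rbac.assign_role("alice", "order_clerk")
    rbac.assign_role("alice", "finance_manager")   # temporary cover for a project
    rbac.assign_role("bob", "order_clerk")

    # Alice activates only the clerk role for day-to-day work.
    rbac.open_session("s1", "alice", ["order_clerk"])
    clerk_read = rbac.check("s1", "read", "orders")        # True
    clerk_refund = rbac.check("s1", "refund", "orders")    # False: role not activated

    # Bob is not assigned finance_manager, so activation is refused (rule 2).
    try:
        rbac.open_session("s2", "bob", ["finance_manager"])
        bob_escalated = True
    except PermissionError:
        bob_escalated = False

    # Periodic review finds Alice's stale temporary role and revokes it.
    rbac.open_session("s3", "alice", ["finance_manager"])
    before = rbac.check("s3", "refund", "orders")          # True
    rbac.revoke_role("alice", "finance_manager")
    after = rbac.check("s3", "refund", "orders")           # False: revoked mid-session
    return clerk_read, clerk_refund, bob_escalated, before, after, rbac.review()


if __name__ == "__main__":
    print(demo())
```

Two design choices matter in practice: the decision is taken against the roles activated in the session, not against everything the user could activate, and revocation reaches into open sessions, so a role removed during a review does not linger until the user logs out.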
Over time, users' access rights tend to accumulate: users may be granted temporary access for
a special project or be reassigned to cover another person's work in their absence, and such
grants pile up unless they are removed. Owners can review the security and distribution groups
on a periodic basis to remove such stale assignments. RBAC has good administrative
capabilities, and user rights management is implemented through it. RBAC is currently used in
database management systems, security management and network operating systems [8,9].
3. METHODS
4. CONCLUSION AND FUTURE WORK
We have reviewed previous methods and the limitations of access control mechanisms in
different environments. Different approaches and new designs have been introduced to develop
more flexible models. A feature-based approach can be developed to meet the changing
requirements of e-commerce environments. Policies and real datasets can be used with
different tools to improve access control methods.
REFERENCES
[1] Turban, E., King, D. R., Lang, J., & Lai, L. (2009). Introduction to electronic commerce.
[2] Todor, R. D. (2016). Blending traditional and digital marketing. Bulletin of the
Transilvania University of Brasov. Economic Sciences. Series V, 9(1), 51.
[3] Abadi, S., Huda, M., Hehsan, A., Mohamad, A. M., Basiron, B., Ihwani, S. S., ... & Noor,
S. S. M. (2018). Design of online transaction model on traditional industry in order to
increase turnover and benefits. Int. J. Eng. Technol, 7, 231-237.
[4] Reddy, S. P., Jayakumar, M., Viltard, A., & Meenakshisundaram, R. (2018). U.S. Patent
Application No. 10/122,717.
[5] Langaliya, C., & Aluvalu, R. (2015). Enhancing cloud security through access control
models: A survey. International Journal of Computer Applications, 112(7).
[6] Goel, K., & Goel, M. (2016, May). Cloud computing based e-commerce model. In 2016
IEEE International Conference on Recent Trends in Electronics, Information &
Communication Technology (RTEICT) (pp. 27-30). IEEE.
[7] Bhardwaj, A., Subrahmanyam, G. V. B., Avasthi, V., & Sastry, H. (2016). Security
algorithms for cloud computing. Procedia Computer Science, 85, 535-542.
[8] Ferraiolo, D., Cugini, J., & Kuhn, D. R. (1995, December). Role-based access control
(RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security
Applications Conference (pp. 241-248).
[9] Jin, X., Krishnan, R., & Sandhu, R. (2012, July). A unified attribute-based access control
model covering DAC, MAC and RBAC. In IFIP Annual Conference on Data and
Applications Security and Privacy (pp. 41-55). Springer, Berlin, Heidelberg.
[10] Huh, J. H., Bobba, R. B., Markham, T., Nicol, D. M., Hull, J., Chernoguzov, A., ... &
Huang, J. (2016). Next-generation access control for distributed control systems. IEEE
Internet Computing, 20(5), 28-37.
[11] Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity and access management in cloud
environment: Mechanisms and challenges. Engineering Science and Technology, an
International Journal.
[12] Sandhu, R., & Park, J. (2003, September). Usage control: A vision for next generation
access control. In International Workshop on Mathematical Methods, Models, and
Architectures for Computer Network Security (pp. 17-31). Springer, Berlin, Heidelberg.
[13] Colantonio, A., Di Pietro, R., & Ocello, A. (2011). Role mining in business: Taming
role-based access control administration. World Scientific.
[15] Wang, L., Geng, X., Bezdek, J., Leckie, C., & Ramamohanarao, K. (2008). SpecVAT:
Enhanced visual cluster analysis. In Data Mining, 2008. ICDM'08. Eighth IEEE International
Conference on (pp. 638-647). IEEE, Pisa, Italy. DOI: http://dx.doi.org/10.1109/ICDM.2008.18
[16] Mitra, B., Sural, S., Vaidya, J., & Atluri, V. (2016, May). A survey of role mining.
ACM Computing Surveys (CSUR), 48(4). DOI: http://dx.doi.org/10.1145/2871148
[17] Fong, P. (2015). ReBAC2015: Interoperability of relationship- and role-based access
control. Master's thesis, University of Calgary, Alberta.