*An Intelligent Access Control Model*

*DOI: http://dx.doi.org/10.5772/intechopen.95459*

*Quality Control - Intelligent Manufacturing, Robust Design and Charts*

As distributed systems rely on internet connectivity, cybersecurity becomes a critical aspect, especially when economic benefits are involved. Many security principles might be tackled in order to enhance the cybersecurity of such systems; however, access control is one of the major aspects, since access to the system must be restricted in the distributed environment that an IoT deployment entails. One of the optimal access control models for this case is the attribute-based access control model (ABAC) [1, 2]. This chapter introduces an intelligent attribute-based access control model tested in a cloud computing environment. Section 2 discusses the enhancements introduced to the basic ABAC model. Section 3 illustrates how intelligence is introduced in the proposed ABAC. Finally, an empirical experiment is demonstrated in Section 4, where OpenStack (a cloud environment) is used to discuss the efficiency of the proposed approach.

**2. The proposed enhancement in ABAC model**

**2.1 Context-aware analytical study**

Context-aware systems have a variety of definitions depending on the scope of the study. In the access control field, context-awareness allows dynamic permission to access an object based on attributes related to the user context [3]. The context can be extracted from the system environment using 5W1H (who, where, what, why, when and how) [4]. According to [5], the context attributes are a finite set which reflects the system and differs from the attributes related to the subject and the object. However, other authors consider that rule enforcement through Attribute-Based Access Control (ABAC) is based on the attributes of both the subject and the object [6]. Therefore, this section investigates the context-aware concept in access control.

A ubiquitous application with an RBAC extension has been investigated by Kim [3], where a state-checking matrix is used to build a context-aware agent. Two cases are defined to deploy context-awareness. The first grants privileges based on the user context, such as location and time. The second changes resource permissions based on system information, such as network bandwidth and memory usage. Another work proposed by Kim in this field is CIAAC (Context Information-based Application Access Control) [4]. CIAAC is designed to separate processing and business logic from context awareness and access control policy. CIAAC adds flexibility to business applications that support dynamic access control policy, which allows them to satisfy the demands of the external security environment. However, the potential drawbacks of CIAAC have not yet been evaluated. Another technique was proposed by Li in his thesis [7] to meet the scope of the mobile cloud environment, based on Attribute-Based Encryption (ABE). Li defines context-aware terminology to cover the user context information in addition to the environment, such as location and time.

As per the literature, encryption techniques such as ABE introduce several limitations which affect overall system efficiency, such as the overhead caused by bilinear pairing due to its heavy computation [8]. In addition, ABE cannot attain fine-grained control [9]. Another related work by AL Kukhun [10] considers pervasive systems, where the XACML language is used to build a model that extends RBAC to facilitate context-aware features. However, RBAC extension approaches do not satisfy usability, situation awareness, and improved access opportunities. It can be observed that location and time are used as context-aware parameters in most related work on context-aware access control models. Liu and Wang [11] present the Fine-grained Context-aware Access (FCAC) model for Health Care and Life Sciences (HCLS), using specific communication technology based on linked data. FCAC is based on two main components: an ontology base, and an access policy expressed in XACML.

It is observed from the state of the art that context attributes are linked to the system environment rather than to subject attributes or object attributes. Venkatasubramanian et al. [12] investigate context-awareness to distinguish between traditional authorization models and their proposed criticality-aware model, which takes into consideration the context of the whole system. Their criticality-aware access control (CAAC) is based on RBAC concepts. Choi [13] used access-awareness in cloud computing and recommends an ontology-based Access Control Model (onto-ACM). Compared to C-RBAC (Context-aware RBAC), onto-ACM can grant role inheritance by administrator and user, whereas C-RBAC grants the role by administrator only.

As per the related work investigated in Section 2.1, we can conclude that to deploy an efficient context-aware feature, the attributes should be related to the system environment. Context-awareness adds flexibility to dynamic systems where users and privileges keep changing, as is the case in IaaS. ABAC is the basic access control type which can support context-awareness. Therefore, we are not recommending RBAC extensions.

**2.2 The proposed context-aware deployment in ABACsh**

The proposed **ABACsh** model adds context-awareness in two phases. The first phase defines the context-attribute set. Each context attribute consists of an attribute name and an attribute value. The set of context-attribute names is predefined by the system administrator based on critical system information and characteristics. Context attributes differ from environment attributes in that the values of the latter are predefined by the administrator, whereas context-attribute values are updated based on the system state, where an embedded sensor captures the context information. For example, for the context attribute named memory, its value is updated based on the system's memory measurements. A context attribute can reflect CPU clock, disk space, network zone, or date and time. In the second phase, context-awareness is defined as one of the configuration points in the proposed **ABACsh** system, to enforce the use of context in the access-control decision.
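To make the two phases concrete, the following added example (not the chapter's or ABACsh's own code) sketches a decision point in which environment attributes are administrator-set, context attributes are read from sensor callbacks at request time, and a `require_context` configuration flag enforces that context takes part in every decision; the attribute names, rules and thresholds are assumptions made for illustration.

```python
# Added example (not the chapter's code): minimal ABAC decision point in the spirit
# of ABACsh. Environment attributes are static admin values, context attributes are
# re-read from sensors per request, `require_context` is the phase-2 config point.
# Attribute names, rules and thresholds are constructed for illustration.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]

@dataclass
class Rule:
    effect: str          # "permit" or "deny"
    cond: Callable[[Attrs, Attrs, Attrs, Attrs], bool]   # (subject, object, env, ctx)
    uses_context: bool   # True if cond reads context attributes

@dataclass
class ABACsh:
    environment: Attrs                      # predefined by the administrator
    sensors: Dict[str, Callable[[], Any]]   # context-attribute name -> sensor reader
    rules: List[Rule]
    require_context: bool = True            # configuration point (phase 2)

    def read_context(self) -> Attrs:
        # Phase 1: context values reflect the live system state, not admin settings.
        return {name: read() for name, read in self.sensors.items()}

    def decide(self, subject: Attrs, obj: Attrs) -> str:
        if self.require_context and not any(r.uses_context for r in self.rules):
            return "deny"   # policy ignores context although context is mandatory
        ctx = self.read_context()
        hits = [r for r in self.rules if r.cond(subject, obj, self.environment, ctx)]
        if any(r.effect == "deny" for r in hits):
            return "deny"   # deny-overrides combination
        return "permit" if hits else "deny"

def demo() -> List[str]:
    """Constructed scenario: one request decided under two memory sensor readings."""
    memory = {"free_mb": 2048}   # stands in for an embedded memory sensor
    pdp = ABACsh(
        environment={"trusted_zones": {"dmz", "internal"}},
        sensors={"memory_free_mb": lambda: memory["free_mb"],
                 "network_zone": lambda: "internal"},
        rules=[Rule("permit", lambda s, o, e, c: s["dept"] == o["owner_dept"]
                    and c["memory_free_mb"] >= 512, True),
               Rule("deny", lambda s, o, e, c: c["network_zone"] not in e["trusted_zones"],
                    True)])
    first = pdp.decide({"dept": "ops"}, {"owner_dept": "ops"})   # permit
    memory["free_mb"] = 128                                      # memory pressure
    second = pdp.decide({"dept": "ops"}, {"owner_dept": "ops"})  # deny
    return [first, second]
```

The same subject and object receive different decisions because the context attribute, not an administrator setting, changed between the two requests.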

**2.3 Critical analysis of SoD in ABAC**

In an environment that allows policy combination, a user is authorized to act in more than one role or to trigger more than one operation simultaneously. Policy combination might lead to policy conflict, since some actions violate the overall policy if they are committed at the same time. Therefore, constraints should be configured to manage this possibility.

The Separation of Duty (SoD) principle is used in such scenarios to prevent misuse of the system by limiting the user to the least privilege necessary to perform the required tasks. The least privilege principle limits the access of the subject, during an operation on a specific task, to the minimum resources, the lowest privileges, and a specified period of time. Several security enhancements can be gained from SoD, such as fraud prevention and error minimization [14–16]. There are two main types of SoD: static and dynamic. Static SoD (SSoD) lists the conflicting roles which cannot be executed by the same user at the same time, whereas dynamic SoD (DSoD) enforces the control at the time of
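The following added example (not from the chapter) implements the two SoD types described above for a policy-combination scenario: SSoD is checked when a role is assigned to a user, DSoD when a role is activated at access time. Role names and conflict pairs are constructed for illustration.

```python
# Added example (not the chapter's code): static and dynamic Separation of Duty
# checks for the policy-combination scenario above. SSoD is enforced when roles are
# assigned; DSoD is enforced when they are activated in a session.
# Role names and conflict pairs are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set

@dataclass
class SoDPolicy:
    static_conflicts: Set[FrozenSet[str]]    # never held by the same user
    dynamic_conflicts: Set[FrozenSet[str]]   # may be held, never active together
    assigned: Dict[str, Set[str]] = field(default_factory=dict)
    active: Dict[str, Set[str]] = field(default_factory=dict)

    def _violates(self, held: Set[str], new: str, conflicts: Set[FrozenSet[str]]) -> bool:
        return any(frozenset((new, h)) in conflicts for h in held)

    def assign(self, user: str, role: str) -> bool:
        """SSoD: refuse an assignment that would pair two statically conflicting roles."""
        held = self.assigned.setdefault(user, set())
        if self._violates(held, role, self.static_conflicts):
            return False
        held.add(role)
        return True

    def activate(self, user: str, role: str) -> bool:
        """DSoD: refuse activation at access time while a conflicting role is live."""
        if role not in self.assigned.get(user, set()):
            return False   # least privilege: only assigned roles can be activated
        live = self.active.setdefault(user, set())
        if self._violates(live, role, self.dynamic_conflicts):
            return False
        live.add(role)
        return True

    def deactivate(self, user: str, role: str) -> None:
        self.active.get(user, set()).discard(role)

def demo() -> Dict[str, bool]:
    """Constructed scenario: one SSoD pair and one DSoD pair exercised end to end."""
    p = SoDPolicy(static_conflicts={frozenset({"auditor", "payments_clerk"})},
                  dynamic_conflicts={frozenset({"requester", "approver"})})
    r = {}
    r["assign_clerk"] = p.assign("alice", "payments_clerk")      # True
    r["assign_auditor"] = p.assign("alice", "auditor")           # False: SSoD
    p.assign("bob", "requester"); p.assign("bob", "approver")    # both allowed
    r["activate_requester"] = p.activate("bob", "requester")     # True
    r["activate_approver"] = p.activate("bob", "approver")       # False: DSoD
    p.deactivate("bob", "requester")
    r["approver_after_release"] = p.activate("bob", "approver")  # True
    return r
```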
