The web becomes a common platform to share the resources among a very large group of people. Protecting the resources from malicious users and their actions is a great challenge. Access Control and Authentication are the two major services mostly used for protecting the resources. Many access control models were proposed and standardized by NIST. Some popular access control models are Role Based Access Control, Attribute Based Access Control, Policy Based Access Control, Budget Aware Access Control, etc. became the challenging factors in web for providing access to the resources. Individually those models are vulnerable for web resources. Many authentication methods were proposed earlier for protecting the web resources. These existing methods for ensuring authentication are text based passwords or image based authentication or one time password. Those methods are the most common and widely used methods by many of the real time web applications to verify the authentication of the users. Some common issues in the traditional methods are more time consuming, multilevel authentication for all stored resources irrespective of sensitiveness. Also, these methods are not performing well to meet the challenges. Hence this paper proposes a new method to access the web resources using hybrid access control model with multilevel authentication. Depends upon the type of accessing resources, access polices of more than one access control model have been enabled. For ensuring authentication before allowing accessibility, multilevel authentication for the resources has been fixed based on the level of sensitivity. It facilitates the users to access the resources by consuming short time for authentication process. The proposed system assigns a level of sensitivity for the resources; the sensitivity is proportional to the number of levels which should be crossed by the end user to access the resources.
Access Control, Authorization, Delegation, Multilevel Authentication, Security, Separation of Duty
Share This Article
© The Author(s) 2015. Open Access. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License which permits unrestricted use, sharing, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.