Computing Reviews
A novel multilayer AAA model for integrated applications
Rezakhani A., Shirazi H., Modiri N. Neural Computing and Applications 29 (10): 887-901, 2018. Type: Article
Date Reviewed: Mar 22 2019

Unidimensional static security policies cannot cater to the needs of a growing enterprise anymore. Local regulations, business processes, operational levels, and threat modeling are the key anchors around which successful organizations build their authentication, authorization and accounting (AAA) models. This paper proposes a multilayered AAA model and also evaluates its various aspects. The proposed model not only covers many security requirements, but can also be used to enhance security in integrated applications. Information technology (IT) infrastructure managers designing AAA and security frameworks for medium and large enterprises can benefit from this paper.

The paper starts with the background by briefly explaining different access control mechanisms, namely discretionary access control (DAC), role-based access control (RBAC), mandatory access control (MAC), attribute-based access control (ABAC), and risk adaptive access control (RAdAC), and how these do not adequately serve high-scale and pervasive computing environments.

The paper proposes a four-layer approach that consists of enterprise layer AC, business process layer AC, operational layer AC, and implementation layer AC. Threat modeling, regulations, and best-practice policies (like ISMS and COBIT) are covered under the enterprise layer. The business process layer brings in the hierarchical security requirements for every subsystem within the organization; each subsystem could perform different business processes, which in turn determines the model for each process. The operational layer links the information domains related to every business process. The information domains consist of domain objects and application-level operations. The implementation layer, the lowest layer, creates the policy sets, policies, and rules that drop down from the top.

The paper evaluates the proposed model via abuse and misuse case diagrams, including a case study of threat monitoring using the Acunetix tool and a formal evaluation using the Alloy model checker. The evaluation winds up by comparing the proposed model to some earlier business modeling methods.

The paper concludes with an evaluation and comparison, showing that the proposed four-layer model creates a comprehensive AAA for integrated applications, covering all security requirements for a growing organization.

The paper’s readability could be better, that is, some sections are a bit difficult to comprehend. If only it had been proofread by a technical writer.

Reviewer: Subash Tirupachur Comerica
Review #: CR146484 (1906-0230)
Neural Nets (C.1.3 ... )
 