In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications