Lakshmi Satish Chandra. Gorijala, Dr Syed Umar, Vinay Satya Kumar. Yaddanapudi, Nageswara Rao. Mandava
With the development of the Internet and intranets, Web and distributed databases are being used more and more widely. It is important to properly handle network and Web database security issues, including authentication, denial of service, and fine-grained access control. When database access control and network security are addressed separately, the security system as a whole is not sufficiently optimized. This paper presents a Criterion-Based Role-Based Access Control model in which secure permissions (SP), secure operations (SOp), secure objects (SOb), and secure users (SU) are introduced. The security criterion expressions (SCE) embedded in SOb work as locks, and the common elements of the security criterion subsets (SCSS) in SOp and SU work as keys. To support web-based applications, the remote secure user-role assignment is done based on the user's digital credential(s), and Compact-Secure Role-SCSS cookies are adopted to simplify the subsequent transactions. Multilayer access control is achieved by actuating locks with the relevant keys. The proposed model, an extension of traditional RBAC, efficiently supports both multilayer and non-multilayer access control on the web.
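The lock-and-key check described in the abstract can be sketched as follows; this is an added illustration, not code from the paper. It assumes an SCE is encoded as alternative criterion sets (any one fully covered by the key opens the lock), and the roles, criteria and objects are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecureObject:            # SOb
    name: str
    sce: tuple = ()            # lock: tuple of frozensets (assumed encoding); () = no lock

@dataclass(frozen=True)
class SecureOperation:         # SOp
    name: str
    scss: frozenset = frozenset()

@dataclass(frozen=True)
class SecureUser:              # SU
    name: str
    roles: frozenset
    scss: frozenset = frozenset()

# Constructed RBAC table: role -> permitted (operation, object) pairs.
ROLE_PERMS = {"physician": {("read", "patient_record"), ("read", "menu")},
              "clerk": {("read", "patient_record"), ("read", "menu")}}

def key_for(user, op):
    """Key = criteria common to the user's and the operation's SCSS."""
    return user.scss & op.scss

def lock_opens(obj, key):
    """An object without an SCE is non-multilayer: plain RBAC decides."""
    return not obj.sce or any(clause <= key for clause in obj.sce)

def check_access(user, op, obj):
    """Grant only if a role permits the operation AND the key opens the lock."""
    rbac_ok = any((op.name, obj.name) in ROLE_PERMS.get(r, ()) for r in user.roles)
    return rbac_ok and lock_opens(obj, key_for(user, op))

# Constructed sample data.
RECORD = SecureObject("patient_record", (frozenset({"dept:cardiology", "clinical"}),
                                         frozenset({"auditor"})))
MENU = SecureObject("menu")
READ = SecureOperation("read", frozenset({"dept:cardiology", "clinical", "auditor"}))
ALICE = SecureUser("alice", frozenset({"physician"}), frozenset({"dept:cardiology", "clinical"}))
BOB = SecureUser("bob", frozenset({"clerk"}), frozenset({"dept:cardiology"}))
EVE = SecureUser("eve", frozenset(), frozenset({"auditor"}))

if __name__ == "__main__":
    for u in (ALICE, BOB, EVE):
        for o in (RECORD, MENU):
            print(u.name, o.name, check_access(u, READ, o))
```

Bob holds a role that permits the read but lacks the criteria to open the record's lock, while Eve holds a matching criterion but no role, so both are denied on the locked object.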