Journal of Computer Virology and Hacking Techniques (2020) 16:313–331
https://doi.org/10.1007/s11416-020-00365-9
ORIGINAL PAPER
ChRelBAC data access control model for large-scale interactive
informational-analytical systems
Valery Vasenin¹ · Alexander Itkes¹ · Maxim Krivchikov¹ · Evgeniya Yavtushenko¹
Received: 30 November 2019 / Accepted: 18 August 2020 / Published online: 31 August 2020
© Springer-Verlag France SAS, part of Springer Nature 2020
Abstract
Information systems providing interactive access for a huge number of users worldwide are exposed to numerous security threats. One of the most significant threats to this sort of system is the threat of unauthorized access to system resources, leading to the breach of data confidentiality (privacy) and data integrity, and to denial of service. The design and implementation of models and algorithms to reduce the risks of realizing such threats and to ensure a prompt response to incidents is an important problem. In this article we introduce the chain-relational model of access control (ChRelBAC), which was designed and implemented for a large scientometric system. We describe two software tools for supporting the model. The visualization tool presents access control rules in a user-friendly way. The verification tool for the processes of integrating the model with the source code of the target information system identifies the entry points of the system that are not covered by the model. Finally, we discuss the problem of testing the relational model on real data sets.
Keywords Access control · Information security · Relation-based access control model · Web applications · Visualization · Verification · Static analysis
1 Introduction
In connection with the global trend of recent years, focused on the digitalization of the economy, approaches to the development and maintenance of interactive information-analytical systems in all areas of the national economy are considered among the most important research directions. The main purposes of such systems include the significant improvement of working conditions and increased labor productivity of individual employees and teams in each of these areas. The achievement of this goal should be facilitated by: creating comfortable working conditions for subjects; effective mechanisms for its adequate evaluation; and the introduction, on this basis, of mechanisms for stimulating subjects at all levels of the administrative hierarchy.

✉ Maxim Krivchikov
maxim.krivchikov@gmail.com
Valery Vasenin
vasenin@msu.ru
Alexander Itkes
itkes@imec.msu.ru
Evgeniya Yavtushenko
evgeniya_40@mail.ru
¹ Institute of Mechanics, Lomonosov Moscow State University, Moscow, Russia

The cornerstone, which largely determines the success of other areas of the national economy of any country, is scientific-technological activity and the training of highly qualified personnel for it. Automation methods in this field of activity, mechanisms for evaluating its effectiveness and methods of its stimulation have been known for a long time and have been evolving for many years [1,2]. In its most general form, this approach is called scientometrics. Within its framework, the usual subjects of analysis are the results of scientific, technological and pedagogical activity for a certain time period. This approach has been applied in practice for many decades. It is well systematized and constantly developing. However, such development in the late 20th and early 21st centuries was constrained by the lack of capabilities (methods and tools) for working with (collecting and storing, analyzing and verifying) large volumes of data that have a high fluidity (variability) of their characteristic parameter values, the indicators of the evaluation. At the same time, in the context of the increasing influence of scientific achievements on the technological potential of society, the need for the practical implementation of such approaches grew at an even faster pace than the corresponding capabilities. In this regard, the oppor-