文章基本信息

标题：Enhancing the Wordpress System: from Role to Attribute-Based Access Control
本地全文：下载
作者：Lifeng Cao ; Jia Ying Ou ; Amirhossein Chinaei 等
期刊名称：International Journal of Network Security & Its Applications
印刷版ISSN：0975-2307
电子版ISSN：0974-9330
出版年度：2019
卷号：11
期号：3
页码：1-18
DOI：10.5121/ijnsa.2019.11301
出版社：Academy & Industry Research Collaboration Center (AIRCC)
摘要：Role-Based Access Control (RBAC) is the most commonly used model on web applications. The advantages of RBAC are the ease of understanding, applying and managing privileges. The static RBAC model cannot alter access permission in real-time without human involvement and therefore the model suffers from increasing false negative (and/or false positive) outcomes. Hence, the Attribute-Based Access Control (ABAC) model has been proposed to introduce dynamicity and minimize human involvement in order to enhance security. WordPress is a very popular Role-Based content management system. To our best knowledge, no solution to merge from RBAC to ABAC model for WordPress applications has been found. Our contribution is a WordPress plug-in that we have developed to build ABAC upon the existing RBAC setups. In this journey, we have investigated various scenarios by studying different application categories to come up with an enhanced automatic model that adds real-time grant and revoke feature to WordPress.
关键词：Role-Base-Access-Control; Attribute-Base-Access-Control; WordPress; Content Management; Security