Extended Request-oriented Role Access Control Model for Web Applications

Dmitry KONONOV, Sergey ISAEV

Abstract


This work is dedicated to developing a security access control model for web applications. It focuses on the RBAC model described by Ferraiolo and Kuhn [1992] and Sandhu [1998]. This article describes a new request-oriented RBAC model, which allows flexible access control using the web request path and parameters. The new model is a development of our previous extended path-based RBAC model and provides additional access control capabilities. Applying this new model makes it possible to reduce security risks for web applications.

Keywords


Web, Security, Access control, Roles, RBAC


DOI
10.12783/dtcse/cmee2017/19958
