Cyberspace-Oriented Access Control: A Cyberspace Characteristics-Based Model and Its Policies

With wide development of various information technologies, our daily activities are becoming deeply dependent on cyberspace. People often use handheld devices (e.g., mobile phones or laptops) to publish social messages, facilitate remote e-health diagnosis, or monitor a variety of surveillance. However, security insurance for these activities remains as a significant challenge. Representation of security purposes and their enforcement are two main issues in security of cyberspace. To address these challenging issues, we propose a cyberspace-oriented access control model (CoAC) for cyberspace whose typical usage scenario is as follows. Users leverage devices via network of networks to access sensitive objects with temporal and spatial limitations. We generalize subjects and objects in cyberspace and propose scene-based access control. To enforce security purposes, we argue that all operations on information in cyberspace are combinations of atomic operations. If every single atomic operation is secure, then the cyberspace is secure. Taking applications in the browser-server architecture as an example, we present seven atomic operations for these applications. A number of cases demonstrate that operations in these applications are combinations of introduced atomic operations. We also design a series of security policies for each atomic operation. Finally, we demonstrate both feasibility and flexibility of our CoAC model by examples.