Real-Time Adaptive Access Control (RTAAC) for Enhanced Security and Privacy in Access Management |
||
|
|
|
© 2024 by IJCTT Journal | ||
Volume-72 Issue-4 |
||
Year of Publication : 2024 | ||
Authors : Saurav Bhattacharya, Puneet Gangrade, Dhruv Seth, Sriram Panyam | ||
DOI : 10.14445/22312803/IJCTT-V72I4P105 |
How to Cite?
Saurav Bhattacharya, Puneet Gangrade, Dhruv Seth, Sriram Panyam, "Real-Time Adaptive Access Control (RTAAC) for Enhanced Security and Privacy in Access Management," International Journal of Computer Trends and Technology, vol. 72, no. 4, pp. 42-50, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I4P105
Abstract
Modern IT environments demand sophisticated access management strategies to balance security with operational efficiency. This paper explores the integration of the Least Privilege Principle and Just-in-Time (JIT) access to address the challenges of managing complex, dynamic systems. By granting only essential permissions for specific tasks and then promptly revoking them, this approach minimizes attack surfaces and reduces the risk of privilege creep. We present a theoretical framework for unifying these principles, along with strategies for dynamic access control, automated decision-making, and adaptive policies. This integrated model offers the potential to enhance security, streamline access, and improve operational efficiency. Though implementation challenges exist, proactive investment in tools, training, and process refinement can smooth the transition.
Keywords
Access Management, Least Privilege Principle, Just-in-Time (JIT) Access Management, Privacy-Preserving Authorization, User-Initiated Access Requests, Automated Role Discovery, Proactive Monitoring, Operational Efficiency, Adaptive Policies, Security Enhancement Mechanisms.
Reference
[1] Matthew Keith Carter, “Techniques To Approach Least Privilege,” IDPro Body of Knowledge, vol. 1, no. 9, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Morey J. Haber, and Darran Rolls, Just-in-Time Access Management, Identity Attack Vectors, Apress, Berkeley, CA, pp. 151-155, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Ulrich Lang, and Rudolf Schreiner, Implementing Least Privilege for Interconnected, Agile SOAs/Clouds, ISSE 2012 Securing Electronic Business Processes, Springer Vieweg, Wiesbaden, pp. 89-102, 2012.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Koen Buyens, Bart De Win, and Wouter Joosen, “Improving Least Privilege in Software Architecture by Guided Automated Compartmentalization,” Proceedings of the 6th International Workshop on Security in Information Systems, pp. 145-150, 2008.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Stuart Steiner, Daniel Conte de Leon, and Ananth A. Jillepalli, “Hardening Web Applications using the Least Privileged DBMS Access Model,” Proceedings of the Fifth Cybersecurity Symposium, Coeur d' Alene Idaho, pp. 1-6, 2018.
[CrossRef] [Google Scholar] [Publisher Link]