Software Complex for Risk-Oriented Attribute-Based Access Control Mechanism
Abstract
The article aims to develop a software complex that implements a risk-oriented attribute-based access control mechanism which dynamically processes requests from target services, and to integrate it into existing systems to demonstrate the flexibility of the solution.
The article analyzes access control models, particularly risk-based ones, and discusses the advantages of dynamic access control models. Special attention is paid to the risk-oriented model based on fuzzy logic: its distinctive features are considered, and its selection as the basis for the developed access control mechanism is explained. A software implementation of the risk-oriented access control mechanism, developed using the Py-ABAC Python library, is presented. An integration with the Moodle learning and testing system has been created and tested at the pre-production level. The article focuses on the details of using the risk-oriented access control model based on fuzzy logic and on its advantages, and proposes a variant of the software implementation of the access control mechanism based on this model.
ISSN: 2307-8162