E-Store Management Using Bell-LaPadula Access Control Security Model

Saida Roslan - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Isredza A Hamid - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Palaniappan Shamala - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia


Citation Format:



DOI: http://dx.doi.org/10.30630/joiv.2.3-2.140

Abstract


Generally, the existing store management system does not provide any access control mechanism in order to manage resources. All levels of user have the same right to access the store and borrow the equipment. Therefore, the E-Store management system using Bell-LaPadula access control model was proposed. The prototyping methodology was used to develop the system because methodology model is quickly constructed to test or illustrate design features and ideas, in order to gather user feedback. Moreover, the system is built using hypertext processor (PHP) language. The E-Store system has three types of users, which are known as top management of Welding Department, lecturers and students. The user’s access control is divided by high-level privilege to lower-level privilege. Therefore, each user will have different login interface according to their role and access right to the system. Through the system, high-level user manages in and out equipment flow, manages authorization, view history log in activity and verify complaint report. Lower-level user can view list of equipment, report complaint and damage equipment and borrow equipment. The E-Store management system is expected to manage the store effectively and reduced redundancy issues of equipment requested. The user access right has been assigned based on their access level.

Keywords


Bell-LaPadula , access control security model, E-store, management.

Full Text:

PDF

References


Schinagl, S., Paans, R., and Schoon, K. (2016). “The revival of ancient information security models, insight in risks and selection of measures,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., vol. 2016–March, no. 1, pp. 4041–4050, 2016.

Peter, G. (2010). CISSP Guide To Security Essentials. Course Technology, Cengage Learning.

Samson, J. (nda). “Alymta System.” [Online]. Available: http://www.almyta.com/abc_inventory_software.asp.

Viva, M. (2010). “Odoo Inventory System,” [Online]. Available: https://uthm.odoo.com/web#home.

“TradeGecko,” 2016. [Online]. Available: https://www.tradegecko.com/producttour/ inventory-control-system.

Neumann, P.G. (2004).“Prototyping,” October, pp. 1–13, 2004.

Neumann, P.G. (2018). Fundamental trustworthiness principles. New Solutions for Cybersecurity.

Ebrahim Abduljalil, D.S., (2017). Multilevel Security Models in Real-Time Database Systems: Comparing and Analyzing. International Journal Of Engineering And Computer Science, 6(3).

Rajpoot, Q.M., Jensen, C.D. and Krishnan, R., (2015), Attributes enhanced role-based access control model. In International Conference on Trust and Privacy in Digital Business (pp. 3-17). Springer, Cham.

Sharma, N.K. and Joshi, A., (2016). Representing attribute based access control policies in owl. In Semantic Computing (ICSC), 2016 IEEE Tenth International Conference on (pp. 333-336).

Giardino, C., Unterkalmsteiner, M., Paternoster, N., Gorschek, T. and Abrahamsson, P., (2014). What do we know about software development in startups?. IEEE software, 31(5), pp.28-32.

Ebrahim Abduljalil, D.S., (2017). Multilevel Security Models in Real-Time Database Systems: Comparing and Analyzing. International Journal Of Engineering And Computer Science, 6(3).




Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

__________________________________________________________________________
JOIV : International Journal on Informatics Visualization
ISSN 2549-9610  (print) | 2549-9904 (online)
Organized by Department of Information Technology - Politeknik Negeri Padang, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM
Published by Department of Information Technology - Politeknik Negeri Padang
W : http://joiv.org
E : joiv@pnp.ac.id, hidra@pnp.ac.id, rahmat@pnp.ac.id

View JOIV Stats

Creative Commons License is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.