Adaptive Role-Based Access Control and Policy Enforcement in ERP Systems for Governmental and Military Applications

Authors

  • Chandrasekar Atakari, Principal Architect, Palo Alto Networks (Author)

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V6I3P109

Keywords:

Access Control, ERP Systems, Role-Based Access Control (RBAC), Policy Enforcement, Government Applications

Abstract

Enterprise Resource Planning (ERP) systems play a central role in managing the core activities of governmental and military organizations. Because the data processed in these domains is extremely sensitive and critical, traditional security models do not provide adequate protection. Adaptive Role-Based Access Control (ARBAC) is a dynamic and versatile role-based access control solution that can address the complexity and security demands of contemporary ERP environments. This paper proposes a new, enhanced ARBAC model with integrated context-aware policy enforcement structures, applicable to ERP systems within government and military departments. Our approach introduces dynamic permission assignment, multi-factor context-based validation, and real-time detection of anomalies in user behavior and operational functions. The proposed framework offers enhanced resilience to insider threats, unauthorised access, and policy violations while maintaining system operational effectiveness. The study's findings indicate a 37% increase in threat detection rates and a 42% decrease in policy breaches, as determined through comparative analysis, simulations, and case studies. The research supports efforts to assure secure digital transformation in essential areas by combining conventional RBAC pillars with opportunistic, smart decision-making policy strategies in access control.

Published

2025-07-15

Section

Articles

How to Cite

1. Atakari C. Adaptive Role-Based Access Control and Policy Enforcement in ERP Systems for Governmental and Military Applications. IJERET [Internet]. 2025 Jul. 15 [cited 2025 Sep. 24];6(3):77-85. Available from: https://ijeret.org/index.php/ijeret/article/view/289