Access Control Model Based On Role And Attribute For Secured Application.

Access control mechanism is used to secure an organization from insiders and intruders. RBAC and ABAC are the most popular models at present. Yet, they both deteriorate with pitfalls. RBAC has been widely adopted due to security advantages but difficult to meet dynamic access control requirements where ABAC provides more flexibility by introducing attributes. But system complexity due to the addition of attributes is the main drawback of ABAC. This paper combines  benefits of these two models  to come up with a role and attribute based RABAC model. RBAC manages static attributes and ABAC manages dynamic attributes which makes it more flexible, fine grained and user friendly. Additionally, we employ RABAC model to design a secured web application framework according to the characteristics of the model. This makes the application robust to hold out against SQL injection attacks..