Enhancing Network Security in Mobile Applications with Role-Based Access Control
Abstract
Securing access to resources in today's dynamic networking environment has become increasingly challenging as the number of connected devices grows. This study explores the integration of Role-Based Access Control (RBAC) and OAuth 2.0 to strengthen network access management and security enforcement in an Android mobile application. The study adopts a waterfall methodology to implement the access control mechanisms that govern authentication and authorization. OAuth 2.0, a widely adopted open-standard authorization framework, was implemented to secure the login flow by delegating access to a third-party provider without exposing user credentials to the application. RBAC was used to streamline permissions according to predefined user roles, so that access privileges are granted according to a hierarchical role structure. The main outcome of the study is an improvement in security enforcement and user access management: multi-factor authentication, session timeout mechanisms, and role-based authorization together protected sensitive data while keeping the system usable. RBAC proved effective in controlling access to system resources such as database operations, demonstrated through a scenario of physical access to doors, while OAuth 2.0 provided a secure channel for authentication events. Working in tandem, the two mechanisms addressed unauthorized access, data integrity, and the scalability of network security policy enforcement. The research concludes that combining RBAC and OAuth 2.0 in mobile applications improves security posture, simplifies access management, and mitigates evolving threats.
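The abstract describes three controls working together: a hierarchical RBAC policy, session timeouts, and a multi-factor step for sensitive resources, exercised on a door-access scenario. The following is an added illustration, not code from the paper or its application: a small deny-by-default policy engine in Python. The role names, door names, timeout values, and the rule that the server room requires an MFA-verified session are all assumptions chosen for the example; in the real system the role in the session would come from the identity established after the OAuth 2.0 login, never from a value the mobile client supplies.

```python
"""Hypothetical RBAC policy engine with hierarchical roles, session timeouts and an
MFA step-up rule, modelled on the door-access scenario in the abstract.
Constructed example; roles, doors and timeouts are assumptions, not the paper's code."""
from dataclasses import dataclass

# Assumed role hierarchy: each role inherits the permissions of its parents.
ROLE_PARENTS = {
    "visitor": (),
    "employee": ("visitor",),
    "security_officer": ("employee",),
    "admin": ("security_officer",),
}

# Permissions directly assigned to each role as (action, resource) pairs.
# Resources are doors here; "*" is a wildcard resource.
ROLE_PERMISSIONS = {
    "visitor": {("open", "lobby")},
    "employee": {("open", "office")},
    "security_officer": {("open", "server_room"), ("lock", "lobby"), ("lock", "office")},
    "admin": {("lock", "server_room"), ("assign_role", "*")},
}

# Resources that require a multi-factor-verified session (assumed policy).
MFA_REQUIRED_RESOURCES = frozenset({"server_room"})

IDLE_TIMEOUT_SECONDS = 15 * 60        # inactivity limit
ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600   # hard limit regardless of activity


def effective_permissions(role: str) -> set:
    """Walk the role hierarchy and union every inherited permission."""
    if role not in ROLE_PARENTS:
        raise ValueError(f"unknown role: {role}")
    perms, seen, stack = set(), set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        perms |= ROLE_PERMISSIONS.get(current, set())
        stack.extend(ROLE_PARENTS[current])
    return perms


@dataclass
class Session:
    """Server-side session created after OAuth 2.0 login. The role is taken from
    the validated identity on the server, not from anything the client sends."""
    user: str
    role: str
    mfa_verified: bool
    issued_at: float
    last_activity: float


def session_is_valid(session: Session, now: float) -> bool:
    """Both an absolute lifetime and an idle timeout must hold."""
    if now - session.issued_at > ABSOLUTE_TIMEOUT_SECONDS:
        return False
    return now - session.last_activity <= IDLE_TIMEOUT_SECONDS


def authorize(session: Session, action: str, resource: str, now: float) -> tuple:
    """Deny-by-default decision; returns (allowed, reason) suitable for an audit log."""
    if not session_is_valid(session, now):
        return False, "session expired"
    if resource in MFA_REQUIRED_RESOURCES and not session.mfa_verified:
        return False, "mfa required"
    perms = effective_permissions(session.role)
    if (action, resource) in perms or (action, "*") in perms:
        session.last_activity = now   # only a successful request refreshes the idle timer
        return True, "allowed"
    return False, "permission denied"


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    s = Session("alice", "security_officer", mfa_verified=False, issued_at=t0, last_activity=t0)
    print(authorize(s, "open", "office", t0 + 60))            # (True, 'allowed')
    print(authorize(s, "open", "server_room", t0 + 120))      # (False, 'mfa required')
    s.mfa_verified = True
    print(authorize(s, "open", "server_room", t0 + 180))      # (True, 'allowed')
    print(authorize(s, "lock", "server_room", t0 + 240))      # (False, 'permission denied')
    print(authorize(s, "open", "lobby", t0 + 1200))           # (False, 'session expired')
```

The ordering of the checks is deliberate: session validity is tested before the permission lookup so that an expired session is rejected even for a role that would otherwise be allowed, and the MFA rule is tied to the resource rather than the role, so promoting a user never silently bypasses the step-up requirement.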
Copyright (c) 2024 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.