Abstract: In the emerging scenario of multidimensional digital media, users desire the self-constraining access permission by using environmental state, temporal state and etc. To achieve this goal, an authorization attribute based on concepts of environmental state, temporal state and roles was defined, then a multidimensional digital media-oriented access control scheme was proposed. Specifically, the assignment relationships of user-authorization attribute and authorization attribute-access permission were defined. On the basis of this, the authorization attributes for users according to their ID, attribute information, environmental states, temporal states and roles were assigned using the assignment relationship of the user-authorization attribute, the access permission for users in accordance with the authorization attributes were assigned with the assignment relationship of the authorization attribute-access permission. Additionally, constraint conditions were introduced into the proposed scheme to set self-constraining of the access permission for users in terms of the authorization attributes. Through this way, the dynamic reduction of the access permission was realized. Finally, the description of the Z-notation was employed to formalize our scheme. Results of instance analysis demonstrate that the proposed scheme is effective and efficiency. Comparing with related works, the proposed scheme is able to support the principles of the least privilege, separation of duty, data abstraction and etc.

Key words: access control; multidimensional digital media; mobile communication; access permission dynamic reduction