An access control architecture for a web information system

IJNCPS author who presented the article:

  • Ali Pazahr, University of Valencia, Spain

Keywords: privacy, architecture, attacks, two factor authentication, web information system, access control


In information systems, security is a major operational issue, and it is also an important concern in related areas such as maintenance, communications, and privacy.

An efficient security solution for information systems that can never be defeated has remained an unattainable dream, and finding a flawless solution remains an open problem.

Solving this problem is very hard, and security professionals try to find the solution with the fewest defects. Because many software applications are now web-based, software designers prefer to build their applications on the web and must consequently address security in them to satisfy their clients or audiences, which is one of their final goals. Most methodologies have some weak points that website attackers try to find, and this endangers the privacy of user accounts. Therefore, the best method is the one with the fewest weak points.

This paper proposes an access control architecture for a web information system. The architecture consists of layers and levels, together with a software application solution. The layers consist of generic methods that can establish a trustworthy framework for web information systems, while the levels are three different sections of these systems. Finally, the paper focuses on an application, one part of which is server-based and the other client-based. Both are described in detail in the next section.

In fact, the application is a solution for multi-factor authentication, an appropriate way for users to log in to web information systems.

