
Protection of Resources Using Role Based Access Control with Multilevel Authentication




DOI: https://doi.org/10.15866/irecos.v9i11.4050

Abstract


Nowadays the web has become a common platform for sharing resources among a very large group of people. Protecting these resources from malicious users and their actions is a great challenge. Many authentication methods were proposed earlier for protecting web resources. The existing methods for ensuring authentication are text-based passwords, image-based authentication and one-time passwords. These are the most common methods, widely used by many real-time web applications to verify the authentication of users. Common issues with the traditional methods are that they are time consuming and that they apply multilevel authentication to all stored resources irrespective of sensitivity. Also, these methods do not perform well enough to meet the challenges. Hence this paper proposes a new method for accessing web resources using multilevel authentication and access control policies. The multilevel authentication for each resource is fixed based on its level of sensitivity, which lets users access resources with a short authentication process. The proposed system assigns a level of sensitivity to each resource; the sensitivity is proportional to the number of levels that the end user must cross to access the resource. This model has been implemented in a university database, and its performance has been tested against contrasting methods to study its effectiveness.
Copyright © 2014 Praise Worthy Prize - All rights reserved.

Keywords


Multilevel Authentication; Authorization; Access Control; Security; Separation of Duty
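
The access decision outlined in the abstract, as an added Python example that is not the paper's implementation: a role check followed by a number of authentication levels set by the resource's sensitivity. The role names, resources, sensitivity values and the ordering of the three authentication methods are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy data for illustration; none of it comes from the paper.
ROLE_PERMISSIONS = {
    "student": {("course_catalog", "read"), ("grades", "read")},
    "faculty": {("course_catalog", "read"), ("grades", "read"), ("grades", "write")},
    "examiner": {("exam_papers", "read")},
}
# Sensitivity level = number of authentication levels the user must cross.
RESOURCE_SENSITIVITY = {"course_catalog": 1, "grades": 2, "exam_papers": 3}
# Assumed order of levels, using the three methods the abstract names.
AUTH_LEVELS = ["text_password", "image_based", "one_time_password"]


@dataclass
class Session:
    user: str
    roles: set
    passed: list = field(default_factory=list)  # levels completed, in order


def required_levels(resource):
    # A resource with no assigned sensitivity fails closed: every level applies.
    count = RESOURCE_SENSITIVITY.get(resource, len(AUTH_LEVELS))
    return AUTH_LEVELS[:count]


def authorize(session, resource, action):
    """Return (decision, detail); decision is 'deny', 'step_up' or 'permit'."""
    # RBAC check first, so users without the permission are never prompted
    # for further authentication levels.
    granted = any((resource, action) in ROLE_PERMISSIONS.get(role, set())
                  for role in session.roles)
    if not granted:
        return ("deny", "no role grants this permission")
    needed = required_levels(resource)
    # Levels must be crossed in order; report the first one still missing.
    for index, level in enumerate(needed):
        if index >= len(session.passed) or session.passed[index] != level:
            return ("step_up", level)
    return ("permit", f"{len(needed)} level(s) satisfied")


if __name__ == "__main__":
    alice = Session("alice", {"student"}, ["text_password"])
    print(authorize(alice, "course_catalog", "read"))
    print(authorize(alice, "grades", "read"))
    print(authorize(alice, "grades", "write"))
```
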




