Abstract
In recent years, attribute-based access control (ABAC) models have been widely used in big data and cloud computing. However, with the growing importance of data content, using data content to assist authorization for access controls has become more common. In this paper, we propose a dynamic content-driven attribute-based access control model (CABAC) for large-scale unstructured data. CABAC is a fine-grained access control model that use two-layer authorization to balance efficiency and accuracy. The first-layer authorization uses attributes to grant users basic authority and the second-layer authorization uses data content to grant broader authority over “related” data. Experimental results show that CABAC has acceptable efficiency and it can expand the authority of users without reducing security.
Supported by the National Natural Science Foundation of China (61572263, 61502251, 61602263, 61872197), the Postgraduate Research & Practice Innovation Program of Jiangsu Province (KYCX18_0891), the Natural Science Foundation of Jiangsu Province (BK20161516, BK20160916), the Postdoctoral Science Foundation Project of China (2016M601859), the Natural Research Foundation of Nanjing University of Posts and Telecommunications (NY217119).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
NSF research award data set: http://archive.ics.uci.edu/ml/datasets/NSF+Research+Award+Abstracts+1990-2003.
References
Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A content-based authorization model for digital libraries. IEEE Trans. Knowl. Data Eng. 14(2), 296–315 (2002)
Aluvalu, R.K., Muddana, L.: A dynamic attribute-based risk aware access control model (DA-RAAC) for cloud computing. In: IEEE International Conference on Computational Intelligence and Computing Research, pp. 1–5 (2016)
Jadliwala, M., Maiti, A., Namboodiri, V.: Social puzzles: context-based access control in online social networks. In: IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 299–310 (2014)
Jha, S., Sural, S., Atluri, V., Vaidya, J.: Specification and verification of separation of duty constraints in attribute based access control. IEEE Trans. Inf. Forensics Secur. 13(4), 897–911 (2018)
Li, T., Rui, Y.: Priexpress: privacy-preserving express delivery with fine-grained attribute-based access control. In: Communications and Network Security, pp. 333–341 (2017)
Liu, Z., Jiang, Z.L., Wang, X., Yiu, S.M., Zhang, C., Zhao, X.: Dynamic attribute-based access control in cloud storage systems. In: Trustcom/BigDataSE/ISPA, pp. 129–137 (2017)
Luo, X., Wang, W., Luo, W.: The retrospect and prospect of access control technology. Netinfo Secur. 12, 19–27 (2016)
Mannes, E., Maziero, C., Lassance, L., Borges, F.: Optimized access control enforcement over encrypted content in information-centric networks. In: Computers and Communication, pp. 924–929 (2015)
Nagai, S., Kaida, T., Mizuno, O.: The group data access control method in content centric network, pp. 1–3 (2015)
Paradesi, S., Liccardi, I., Kagal, L., Pato, J.: A semantic framework for content-based access controls. In: International Conference on Social Computing, pp. 624–629 (2013)
Qi, H., Luo, X., Di, X., Li, J., Yang, H., Jiang, Z.: Access control model based on role and attribute and its implementation. In: International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 66–71 (2017)
Rubart, J.: Context-based access control. In: Symposia on Metainformatics, p. 13 (2005)
Ulusoy, H., Colombo, P., Ferrari, E., Kantarcioglu, M., Pattuk, E.: GuardMR: fine-grained security policy enforcement for MapReduce systems. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 285–296. ACM (2015)
Ulusoy, H., Kantarcioglu, M., Pattuk, E., Hamlen, K.: Vigiles: fine-grained access control for MapReduce systems. In: 2014 IEEE International Congress on Big Data (BigData Congress), pp. 40–47. IEEE (2014)
Wang, M., Wang, J., Guo, L., Harn, L.: Inverted XML access control model based on ontology semantic dependency. CMC: Comput. Mater. Continua 55(3), 465–482 (2018)
Wu, M.Y., Chen, Y.W., Ke, C.K.: Design and implementation of a context and role-based access control model for digital content. In: IET International Conference on Frontier Computing, Theory, Technologies and Applications, pp. 253–257 (2010)
Wu, M.Y., Zhuo, Z.X.: Digital content access control for end-users. In: International Conference on Software Intelligence Technologies and Applications and International Conference on Frontiers of Internet of Things, pp. 39–42 (2014)
Zeng, W., Yang, Y., Luo, B.: Content-based access control: use data content to assist access control for large-scale content-centric databases. In: IEEE International Conference on Big Data, pp. 701–710 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ma, K., Yang, G. (2019). CABAC: A Content-Driven Attribute-Based Access Control Model for Big Data. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11634. Springer, Cham. https://doi.org/10.1007/978-3-030-24271-8_46
Download citation
DOI: https://doi.org/10.1007/978-3-030-24271-8_46
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24270-1
Online ISBN: 978-3-030-24271-8
eBook Packages: Computer ScienceComputer Science (R0)