Samyukta: A Unified Access Control Model using Roles, Labels, and Attributes

  • Conference paper
Information Systems Security (ICISS 2022)

Abstract

Access control is one of the key mechanisms used for protecting system resources. While each of the existing access control models has its own benefits, it is difficult to satisfy all the requirements of a contemporary system with a single model. In this paper, we propose a unified model by combining three existing well-known models – Role-based Access Control (RBAC), Mandatory Access Control (MAC), and Attribute-based Access Control (ABAC) – in a novel way. The proposed model, named Samyukta, combines these three models in a modular way and uses them in a specific order so that the modules complement each other and we gain benefits of all three models. The widely used RBAC, with its roles, provides scalability, auditability, and easy management. With its labels, MAC provides Information Flow Control (IFC), and ABAC, with its attributes, provides flexible, context-aware, fine-grained access control. Along with these benefits, Samyukta also has advantages with respect to expressiveness, performance, and verifiability. We provide a relative comparison of our model with an existing model and also present a prototype implementation of Samyukta and demonstrate its efficiency.


Acknowledgement

The work presented in this paper was done at the Indian Institute of Technology Bombay and was supported by the Information Security Research and Development Centre, Ministry of Electronics and Information Technology, Government of India.

Author information

Correspondence to B. S. Radhika.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Radhika, B.S., Kumar, N.V.N., Shyamasundar, R.K. (2022). Samyukta: A Unified Access Control Model using Roles, Labels, and Attributes. In: Badarla, V.R., Nepal, S., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2022. Lecture Notes in Computer Science, vol 13784. Springer, Cham. https://doi.org/10.1007/978-3-031-23690-7_5

  • DOI: https://doi.org/10.1007/978-3-031-23690-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-23689-1

  • Online ISBN: 978-3-031-23690-7

  • eBook Packages: Computer Science, Computer Science (R0)
