Abstract
Attribute-based Access Control (ABAC) was recently proposed as a general model able to capture the main existing access control models. This paper discusses the problems of configuring ABAC and engineering access policies. We ask how to design attributes, how to assign attributes to subjects, objects, and actions, and how to formulate access policies that bind subjects to objects and actions via attributes.
Inspired by the role mining problem in Role-based Access Control, in this paper we make a first attempt to formalise ABAC in matrix form and to define formally the problem of access policy engineering. To keep the approach practical, it is based on the XACML standard.
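The following is an added illustration of the matrix view sketched above; it is not the paper's own formalisation, and all names, attributes and the target access matrix are constructed for the example. Subjects and objects are rows of Boolean attribute matrices, a policy is a set of XACML-style permit rules whose targets are conjunctions of attribute values (permit-overrides, deny by default), and the policy engineering problem is treated the way role mining treats a user-permission matrix: find a small set of rules that reproduces a given target access matrix without ever granting an access the target denies. The second run drops one object attribute to show that the expressible policies depend on attribute design.

```python
"""Added illustration (not the paper's formalisation): ABAC in Boolean-matrix form
with a greedy policy-mining routine analogous to role mining. All data is constructed."""
from itertools import combinations
from typing import Dict, List, Tuple

# --- Constructed sample data (hypothetical subjects, objects and attributes) ---
SUBJECT_ATTRS = ["dept=eng", "dept=fin", "clearance=high"]
OBJECT_ATTRS = ["type=source", "type=ledger", "sensitivity=low", "sensitivity=high"]

# SA[s] is row s of the subject-attribute matrix: SA[s][i] = 1 iff s has attribute i.
SA = {
    "alice": [1, 0, 1],
    "bob":   [1, 0, 0],
    "carol": [0, 1, 0],
    "dave":  [0, 1, 1],
}
# OA[o] is row o of the object-attribute matrix.
OA = {
    "repo":         [1, 0, 1, 0],
    "books":        [0, 1, 1, 0],
    "audit_report": [0, 1, 0, 1],
    "kernel_keys":  [1, 0, 0, 1],
}
# Target access matrix for one action ("read"): the accesses the policy must reproduce.
TARGET = {
    ("alice", "repo"): 1, ("alice", "books"): 0, ("alice", "audit_report"): 0, ("alice", "kernel_keys"): 1,
    ("bob", "repo"): 1, ("bob", "books"): 0, ("bob", "audit_report"): 0, ("bob", "kernel_keys"): 0,
    ("carol", "repo"): 0, ("carol", "books"): 1, ("carol", "audit_report"): 0, ("carol", "kernel_keys"): 0,
    ("dave", "repo"): 0, ("dave", "books"): 1, ("dave", "audit_report"): 1, ("dave", "kernel_keys"): 0,
}

Matrix = Dict[str, List[int]]
Rule = Tuple[Tuple[int, ...], Tuple[int, ...]]   # (required subject attrs, required object attrs)
Policy = List[Rule]


def matches(row: List[int], mask: Tuple[int, ...]) -> bool:
    """A row matches a mask iff it carries every attribute the mask requires (XACML AllOf)."""
    return all(row[i] for i in mask)


def evaluate(sa: Matrix, oa: Matrix, policy: Policy) -> Dict[Tuple[str, str], int]:
    """Access matrix induced by a policy: permit iff some rule matches both the subject's
    and the object's attributes (permit-overrides combining, deny by default)."""
    return {
        (s, o): int(any(matches(sa[s], sm) and matches(oa[o], om) for sm, om in policy))
        for s in sa for o in oa
    }


def all_masks(n: int):
    """Every non-empty conjunction over n attributes, smallest conjunctions first."""
    for r in range(1, n + 1):
        yield from combinations(range(n), r)


def admissible_rules(sa: Matrix, oa: Matrix, target):
    """Candidate rules that grant at least one access and never one the target denies.
    Returns (rule, set of (subject, object) pairs it grants) in a deterministic order."""
    n_s = len(next(iter(sa.values())))
    n_o = len(next(iter(oa.values())))
    out = []
    for sm in all_masks(n_s):
        for om in all_masks(n_o):
            grants = {(s, o) for s in sa for o in oa if matches(sa[s], sm) and matches(oa[o], om)}
            if grants and all(target[p] for p in grants):
                out.append(((sm, om), grants))
    return out


def mine_policy(sa: Matrix, oa: Matrix, target):
    """Greedy Boolean decomposition: cover every 1 of the target with as few admissible
    rules as possible, preferring rules with fewer attribute conditions on ties.
    Returns (policy, uncovered); uncovered holds target accesses that no admissible
    rule can express with the available attributes."""
    uncovered = {p for p, v in target.items() if v}
    candidates = admissible_rules(sa, oa, target)
    policy: Policy = []
    while uncovered:
        rule, grants = max(candidates,
                           key=lambda c: (len(c[1] & uncovered), -(len(c[0][0]) + len(c[0][1]))),
                           default=((), set()))
        if not (grants & uncovered):
            break   # nothing admissible covers what is left
        policy.append(rule)
        uncovered -= grants
    return policy, uncovered


def describe(rule: Rule) -> str:
    """Render a rule over the full attribute vocabulary as a readable permit statement."""
    sm, om = rule
    return ("permit if " + " and ".join(SUBJECT_ATTRS[i] for i in sm)
            + " on " + " and ".join(OBJECT_ATTRS[j] for j in om))


def drop_object_attribute(oa: Matrix, name: str) -> Matrix:
    """Remove one column of the object-attribute matrix, to test attribute design."""
    j = OBJECT_ATTRS.index(name)
    return {o: row[:j] + row[j + 1:] for o, row in oa.items()}


if __name__ == "__main__":
    policy, left = mine_policy(SA, OA, TARGET)
    for r in policy:
        print(describe(r))
    assert evaluate(SA, OA, policy) == TARGET and not left
    # Without an explicit "sensitivity=low" value, positive rules cannot express
    # "engineers may read non-sensitive source", so some target entries stay uncovered.
    _, left = mine_policy(SA, drop_object_attribute(OA, "sensitivity=low"), TARGET)
    print("uncovered without sensitivity=low:", sorted(left))
```

The admissibility check is the point of the example: a mined rule may never over-grant, so the search space is pruned before any covering is attempted, and whatever remains uncovered is evidence that the attribute vocabulary (not the mining heuristic) is too weak for the intended policy.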
This work was partly supported by EU-FP7-ICT NESSoS (256980) and PRIN Security Horizons funded by MIUR with D.D. 23.10.2012 n. 719, and EIT ICT Labs activity 13083.
© 2013 Springer International Publishing Switzerland
Krautsevich, L., Lazouski, A., Martinelli, F., Yautsiukhin, A. (2013). Towards Policy Engineering for Attribute-Based Access Control. In: Bloem, R., Lipp, P. (eds) Trusted Systems. INTRUST 2013. Lecture Notes in Computer Science, vol 8292. Springer, Cham. https://doi.org/10.1007/978-3-319-03491-1_6
DOI: https://doi.org/10.1007/978-3-319-03491-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03490-4
Online ISBN: 978-3-319-03491-1