HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control

Foundations and Practice of Security (FPS 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8930)

Abstract

Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e. discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption are still lacking. This paper seeks to aid in the transition by providing a formal model of hierarchical ABAC, called Hierarchical Group and Attribute-Based Access Control (or HGABAC), which includes attribute inheritance through user and object groups as well as environment, connection and administrative attributes. A formal specification and an attribute-based policy language are provided. Finally, several example configurations (which demonstrate the versatility of the model) are presented and evaluated.

Author information

Corresponding author

Correspondence to Daniel Servos.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Servos, D., Osborn, S.L. (2015). HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science, vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_12

  • DOI: https://doi.org/10.1007/978-3-319-17040-4_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17039-8

  • Online ISBN: 978-3-319-17040-4

  • eBook Packages: Computer Science (R0)
