Abstract
Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e. discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption are still lacking. This paper seeks to aid in the transition by providing a formal model of hierarchical ABAC, called Hierarchical Group and Attribute-Based Access Control (or HGABAC), which includes attribute inheritance through user and object groups as well as environment, connection and administrative attributes. A formal specification and an attribute-based policy language are provided. Finally, several example configurations (which demonstrate the versatility of the model) are presented and evaluated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bell, D., Padula, L.: Secure Computer Systems: Mathematical Foundations and Model. Mitre, Bedford (1974)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)
Chandran, S.M., Joshi, J.B.D.: LoT-RBAC: a location and time-based RBAC model. In: Ngu, A.H.H., Kitsuregawa, M., Neuhold, E.J., Chung, J.-Y., Sheng, Q.Z. (eds.) WISE 2005. LNCS, vol. 3806, pp. 361–375. Springer, Heidelberg (2005)
Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140–156. Springer, Heidelberg (2012)
Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)
Godik, S., Anderson, A., Parducci, B., Humenn, P., Vajjhala, S.: OASIS extensible access control 2 markup language (XACML) 3. Technical report, OASIS (2002)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
Kleene, S.C.: On notation for ordinal numbers. J. Symb. Log. 3(4), 150–155 (1938)
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)
Lampson, B.W.: Protection. ACM SIGOPS Oper. Syst. Rev. 8(1), 18–24 (1974)
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A flexible attribute based access control method for grid computing. J. Grid Comput. 7(2), 169–180 (2009)
Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(2), 85–106 (2000)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Servos, D.: A role and attribute based encryption approach to privacy and security in cloud based health services. Master’s thesis, Lakehead University (2012)
Servos, D., Mohammed, S., Fiaidhi, J., Kim, T.-H.: Extensions to ciphertext-policy attribute-based encryption to support distributed environments. Int. J. Comput. Appl. Technol. 47(2), 215–226 (2013)
Shen, H.-B., Hong,F.: An attribute-based access control model for web services. In: Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2006, pp. 74–79. IEEE (2006)
Wang, L., Wijesekera, D., Jajodia,S.: A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 45–55. ACM (2004)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the 2005 IEEE International Conference on Web Services, ICWS 2005. IEEE (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Servos, D., Osborn, S.L. (2015). HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science(), vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-17040-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17039-8
Online ISBN: 978-3-319-17040-4
eBook Packages: Computer ScienceComputer Science (R0)