Abstract
Several access control models that use attributes have been proposed, although none so far is regarded as a definitive characterization of attribute-based access control (ABAC). Among these, a recently proposed model is the attribute-based access matrix (ABAM) model [14], which extends the HRU model [4] by introducing attributes. In this paper we consider the finite case of ABAM, where the number of attributes is finite and the set of permissible values (i.e., the domain) of each attribute is finite. Henceforth, we understand ABAM to mean finite ABAM. A separately developed model with finite attribute domains is PreUCON\(_\mathrm{A}\) [10], which is a sub-model of the usage control (UCON) model [9]. This paper explores the relationship between the expressive power of these two finite attribute domain models. Since the safety problem for HRU is undecidable, it follows that safety is also undecidable for ABAM, while it is known to be decidable for PreUCON\(_\mathrm{A}\) [10]. Hence ABAM cannot be reduced to PreUCON\(_\mathrm{A}\). We define a special case of ABAM called RL-ABAM2 and show that RL-ABAM2 and PreUCON\(_\mathrm{A}\) are equivalent in expressive power, but each has its own advantages. Finally, we propose a possible way to combine the advantages of these two models.
References
1. Al-Kahtani, M.A., Sandhu, R.: Rule-based RBAC with negative authorization. In: 20th IEEE ACSAC, pp. 405–415 (2004)
2. Bennett, P., Ray, I., France, R.: Modeling of online social network policies using an attribute-based access control framework. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 79–97. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26961-0_6
3. Chadwick, D.W., Otenko, A., Ball, E.: Role-based access control with X.509 attribute certificates. IEEE Internet Comput. 7(2), 62–69 (2003)
4. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)
5. Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to attribute based access control (ABAC) definition and considerations. NIST Spec. Publ. 800-162 (2014)
6. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. IEEE Comput. 48(2), 85–88 (2015)
7. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
8. Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)
9. Park, J., Sandhu, R.: The UCON\(_\mathrm{ABC}\) usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(8), 128–174 (2004)
10. Rajkumar, P.V., Sandhu, R.: Safety decidability for pre-authorization usage control with finite attribute domains. IEEE Trans. Dependable Secure Comput. no. 1, p. 1, PrePrints. doi:10.1109/TDSC.2015.2427834
11. Sandhu, R.S.: The typed access matrix model. In: Research in Security and Privacy, pp. 122–136 (1992)
12. Tripunitara, M.V., Li, N.: A theory for comparing the expressive power of access control models. J. Comput. Secur. 15(2), 231–272 (2007)
13. Yong, J., Bertino, E., Roberts, M.T.D.: Extended RBAC with role attributes. In: PACIS 2006 Proceedings, p. 8 (2006)
14. Zhang, X., Li, Y., Nalla, D.: An attribute-based access matrix model. In: The 2005 ACM Symposium on Applied Computing, pp. 359–363 (2005)
Acknowledgement
This research is partially supported by NSF Grant CNS-1111925 and CNS-1423481.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Alshehri, A., Sandhu, R. (2016). On the Relationship Between Finite Domain ABAM and PreUCON\(_\mathrm{A}\). In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science, vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_22
DOI: https://doi.org/10.1007/978-3-319-46298-1_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46297-4
Online ISBN: 978-3-319-46298-1
eBook Packages: Computer Science, Computer Science (R0)