On the Relationship Between Finite Domain ABAM and PreUCON\(_{\mathrm{A}}\)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9955)

Abstract

Several access control models that use attributes have been proposed, although none so far is regarded as a definitive characterization of attribute-based access control (ABAC). Among these, a recently proposed model is the attribute-based access matrix (ABAM) model [14], which extends the HRU model [4] by introducing attributes. In this paper we consider the finite case of ABAM, where the number of attributes is finite and the set of permissible values (i.e., the domain) of each attribute is finite. Henceforth, we understand ABAM to mean finite ABAM. A separately developed model with finite attribute domains is PreUCON\(_{\mathrm{A}}\) [10], which is a sub-model of the usage control UCON model [9]. This paper explores the relationship between the expressive power of these two finite attribute domain models. Since the safety problem for HRU is undecidable, it follows that safety is also undecidable for ABAM, while it is known to be decidable for PreUCON\(_{\mathrm{A}}\) [10]. Hence ABAM cannot be reduced to PreUCON\(_{\mathrm{A}}\). We define a special case of ABAM called RL-ABAM2 and show that RL-ABAM2 and PreUCON\(_{\mathrm{A}}\) are equivalent in expressive power, but each has its own advantages. Finally, we propose a possible way to combine the advantages of these two models.

References

  1. Al-Kahtani, M.A., Sandhu, R.: Rule-based RBAC with negative authorization. In: 20th IEEE ACSAC, pp. 405–415 (2004)

  2. Bennett, P., Ray, I., France, R.: Modeling of online social network policies using an attribute-based access control framework. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 79–97. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26961-0_6

  3. Chadwick, D.W., Otenko, A., Ball, E.: Role-based access control with X.509 attribute certificates. IEEE Internet Comput. 7(2), 62–69 (2003)

  4. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)

  5. Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to attribute based access control (ABAC) definition and considerations. NIST Spec. Publ. 800, 162 (2014)

  6. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. IEEE Comput. 48(2), 85–88 (2015)

  7. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)

  8. Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)

  9. Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(8), 128–174 (2004)

  10. Rajkumar, P.V., Sandhu, R.: Safety decidability for pre-authorization usage control with finite attribute domains. IEEE Trans. Dependable Secure Comput. no. 1, p. 1, PrePrints. doi:10.1109/TDSC.2015.2427834

  11. Sandhu, R.S.: The typed access matrix model. In: Research in Security and Privacy, pp. 122–136 (1992)

  12. Tripunitara, M.V., Li, N.: A theory for comparing the expressive power of access control models. J. Comput. Secur. 15(2), 231–272 (2007)

  13. Yong, J., Bertino, E., Roberts, M.T.D.: Extended RBAC with role attributes. In: PACIS 2006 Proceedings, p. 8 (2006)

  14. Zhang, X., Li, Y., Nalla, D.: An attribute-based access matrix model. In: The 2005 ACM Symposium on Applied Computing, pp. 359–363 (2005)

Acknowledgement

This research is partially supported by NSF Grant CNS-1111925 and CNS-1423481.

Author information

Correspondence to Asma Alshehri or Ravi Sandhu.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Alshehri, A., Sandhu, R. (2016). On the Relationship Between Finite Domain ABAM and PreUCON\(_{\mathrm{A}}\). In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science, vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_22

  • DOI: https://doi.org/10.1007/978-3-319-46298-1_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46297-4

  • Online ISBN: 978-3-319-46298-1

  • eBook Packages: Computer Science, Computer Science (R0)
