Skip to main content
SpringerLink
Log in
Book cover

International Conference on Network and System Security

NSS 2017: Network and System Security pp 257–272Cite as

Safety of ABAC\(_\alpha \) Is Decidable

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10394))

Abstract

The \(\mathrm {ABAC_\alpha }\) model was recently defined with the motivation to demonstrate a minimal set of capabilities for attribute-based access control (ABAC) which can configure typical forms of the three dominant traditional access control models: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). \(\mathrm {ABAC_\alpha }\) showed that attributes can express identities (for DAC), security labels (for MAC) and roles (for RBAC). Safety analysis is a fundamental problem for any access control model. Recently, it has been shown that the pre-authorization usage control model with finite attribute domains (\(\mathrm {UCON_{preA}^{finite}}\)) has decidable safety. \(\mathrm {ABAC_\alpha }\) is a pre-authorization model and requires finite attribute domains, but is otherwise quite different from \(\mathrm {UCON_{preA}^{finite}}\). This paper gives a state-matching reduction from \(\mathrm {ABAC_\alpha }\) to \(\mathrm {UCON_{preA}^{finite}}\). The notion of state-matching reductions was defined by Tripunitara and Li, as reductions that preserve security properties including safety. It follows that safety of \(\mathrm {ABAC_\alpha }\) is decidable.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    In the original definition of \(\mathrm {ABAC_\alpha }\) [4] subject creation and modification have identical policies. However, a correct configuration of MAC in \(\mathrm {ABAC_\alpha }\) requires different policies for these two operations. Hence, we define \(\mathrm {ABAC_\alpha }\) here to have separate policies for these two operations.

References

  1. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976). http://doi.acm.org/10.1145/360303.360333

    Article  MATH  Google Scholar 

  2. Hu, V.C., Ferrariolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Karen, S.: Guide to attribute based access control (ABAC) definitions and considerations. 2014 NIST Special Publication 800–162

    Google Scholar 

  3. Jin, X.: Attribute-Based Access Control Models and Implementation in Cloud Infrastructure as a Service. Ph.D. thesis, UTSA (2014)

    Google Scholar 

  4. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4

    Chapter  Google Scholar 

  5. Kolter, J., Schillinger, R., Pernul, G.: A privacy-enhanced attribute-based access control system. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 129–143. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73538-0_11

    Chapter  Google Scholar 

  6. Park, J., Sandhu, R.: The UCONabc usage control model. ACM TISSEC 7, 128–174 (2004)

    Article  Google Scholar 

  7. Rajkumar, P., Sandhu, R.: Safety decidability for pre-authorization usage control with finite attribute domains. IEEE Trans. Dependable Secure Comput. 13(5), 582–590 (2016)

    Article  Google Scholar 

  8. Shen, H.: A semantic-aware attribute-based access control model for web services. In: Hua, A., Chang, S.-L. (eds.) ICA3PP 2009. LNCS, vol. 5574, pp. 693–703. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03095-6_65

    Chapter  Google Scholar 

  9. Tripunitara, M.V., Li, N.: A theory for comparing the expressive power of access control models. J. Comput. Secur. 15(2), 231–272 (2007)

    Article  Google Scholar 

  10. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE International Conference on Web Services, ICWS 2005, pp. 561–569 (2005). http://dx.doi.org/10.1109/ICWS.2005.25

Download references

Acknowledgments

This research is partially supported by NSF Grants CNS-1111925, CNS-1423481, CNS-1538418, and DoD ARL Grant W911NF-15-1-0518.

Author information

Authors and Affiliations

  1. Institute for Cyber Security and Department of Computer Science, University of Texas at San Antonio, One UTSA Circle, San Antonio, TX, 78249, USA

    Tahmina Ahmed & Ravi Sandhu

Authors
  1. Tahmina Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ravi Sandhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tahmina Ahmed .

Editor information

Editors and Affiliations

  1. Xidian University, Xi’an, China

    Zheng Yan

  2. Eurecom, Sophia Antipolos, Valbonne, France

    Refik Molva

  3. Warsaw University of Technology, Warsaw, Poland

    Wojciech Mazurczyk

  4. Aalto University, Espoo, Finland

    Raimo Kantola

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ahmed, T., Sandhu, R. (2017). Safety of ABAC\(_\alpha \) Is Decidable. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science(), vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-64701-2_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64700-5

  • Online ISBN: 978-3-319-64701-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation