Abstract
Role Based Access Control (RBAC) is well-known for ease of policy administration, whereas Attribute Based Access Control (ABAC) is renowned for flexible policy specification and dynamic decision making capability. However, they both have some well-known limitations. In this paper, we present an approach that uniquely combines the benefits of RBAC and ABAC. Specifically, our approach associates attribute based rules with roles and permissions that enables the specification of multi-dimensional fine-grained attribute enabled role-based policies. These policies along with rules are also stored as in-memory data, which helps in minimizing the execution time of access requests. Experiments on a wide range of policy data sets demonstrate feasibility and scalability of the proposed approach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hong, J., et al.: TAFC: time and attribute factors combined access control for time-sensitive data in public cloud. IEEE Trans. Serv. Comput. 1–14 (2018)
Daniel, S., Osborn, L.S.: Current research and open problems in attribute-based access control. ACM Comput. Surv. 4(49), 65:1–65:45 (2017)
Fatima, A., Ghazi, Y., Shibli, M.A., Abassi, A.G.: Towards attribute-centric access control: an ABAC versus RBAC argument. Secur. Commun. Netw. 9, 3152–3166 (2016)
Qi, H., Luo, X., Di, X., Li, J., Yang, H., Jiang, Z.: Access control model based on role and attribute and its implementation. In: Proceedings of the International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 66–71 (2016)
Rajpoot, Q.M., Jensen, C.D., Krishnan, R.: Attributes enhanced role-based access control model. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 3–17. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_1
Singh, M.P., Sural, S., Atluri, V., Vaidya, J., Yakub, U.: Managing multi-dimensional multi-granular security policies using data warehousing. Network and System Security. LNCS, vol. 9408, pp. 221–235. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25645-0_15
Vincent, C.Hu., et al.: Guide to attribute based access control definition and considerations. National Institute of Standards and Technology (2014)
Huang, J., Nicol, D.M., Bobba, R., Huh, J.H.: A framework integrating attribute- based policies into RBAC. In: Proceedings of the Symposium on Access Control Models and Technologies, pp. 187–196 (2012)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31540-4_4
Jin, X., Sandhu, R., Krishnan, R.: RABAC: role-centric attribute-based access control. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 84–96. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33704-8_8
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43, 79–81 (2010)
Aich, S., Mondal, S., Sural, S., Majumdar, A.K.: Role based access control with spatiotemporal context for mobile applications. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science IV. LNCS, vol. 5430, pp. 177–199. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01004-0_10
Ray, I., Toahchoodee, M.: A spatio-temporal role-based access control model. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 211–226. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73538-0_16
Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: a temporal role based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)
Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proceedings of the Workshop on Role-Based Access Control, pp. 153–159 (1997)
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role based access control models. IEEE Comput. 29, 38–47 (1996)
Bell, E.D., LaPadula, J.L.: Secure computer systems: unified exposition and multics interpretation. Technical report MTR-2997, The Mitre Corporation, Bedford (1976)
Graham, G., Denning, P.: Protection principles and practice. In: Proceedings of the American Federation of Information Processing Societies Spring Joint Computer Conference, pp. 417–429 (1972)
OASIS eXtensible access control markup language (XACML). http://docs.oasis-open.org/xacml/3.0/xacml-profile-saml2.0-v2-spec-en.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Singh, M.P., Sudharsan, S., Vani, M. (2019). ARBAC: Attribute-Enabled Role Based Access Control Model. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_8
Download citation
DOI: https://doi.org/10.1007/978-981-13-7561-3_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-7560-6
Online ISBN: 978-981-13-7561-3
eBook Packages: Computer ScienceComputer Science (R0)