Controlling and managing access to sensitive data has been an ongoing challenge for decades. Attribute Based Access Control (ABAC) represents the latest milestone in the evolution of logical access control methods. The goal of this inaugural Workshop on Attribute Based Access Control (ABAC '16), held in conjunction with the 6th ACM Conference on Data and Applications Security and Privacy (CODASPY 2016), is to foster a community of researchers interested in all aspects of attribute based access control. ABAC is a fine-grained and flexible form of access control. To realize its full potential, a number of major challenges need to be addressed, including formal modeling and analysis of ABAC such as its safety and expressive power, administrative models for ABAC, attribute assurance, ABAC policy engineering and mining, privacy concerns in ABAC, etc.
This inaugural ABAC '16 workshop features papers on various aspects of ABAC including formal models for ABAC and its relationship with XACML, data fusion concerns in attribute engineering, relevance of ABAC to application domains such as information sharing and online social networks, ABAC policy language for REST API, ABAC policy clustering, and trustworthiness of attributes. We hope the workshop attendees will find this wide variety of topics to be insightful and helpful in advancing the field of ABAC.
Proceeding Downloads
Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy
There are two major techniques for specifying authorization policies in Attribute Based Access Control (ABAC) models. The more conventional approach is to define policies by using logical formulas involving attribute values. Examples in this category ...
Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for ...
Specification and Enforcement of Location-Aware Attribute-Based Access Control for Online Social Networks
Online social networks (OSNs) are gaining in popularity and are used by a large number of users with varied educational and socio-economic backgrounds. OSNs contain a plethora of personal information which, if misused, may cause enormous damage to ...
SMT-based Enforcement and Analysis of NATO Content-based Protection and Release Policies
NATO is developing a new IT infrastructure that will enable automated information sharing between different information security domains and provide strong separation between different communities of interest while supporting dynamic and flexible ...
A Policy Framework for Data Fusion and Derived Data Control
Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, ...
RestACL: An Access Control Language for RESTful Services
This work describes an efficient Access Control Language for RESTful Services. The language follows the ideas of Attribute Based Access Control and utilizes the concepts of REST to enable a quick identification of policies that have to be evaluated to ...
Position Paper: Towards a Moving Target Defense Approach for Attribute-based Access Control
In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting ...
Work in Progress: K-Nearest Neighbors Techniques for ABAC Policies Clustering
In this paper, we present an approach based on the K-Nearest Neighbors algorithms for policies clustering that aims to reduce the ABAC policies dimensionality for high scale systems. Since ABAC considers a very large set of attributes for access ...