Poster: A Flexible Relationship-Based Access Control Policy Generator
Authors: 
Stanley Clark, Nikolay Yakovets, George H. L. Fletcher, Nicola ZannoneAuthors Info & Claims
Stanley Clark, Nikolay Yakovets, George H. L. Fletcher, Nicola ZannoneAuthors Info & ClaimsPages 263 - 265
Abstract
A plethora of Relationship-Based Access Control (ReBAC) models have been proposed, varying in the types of policies they can express. This fragmentation has stifled the creation of a benchmark to directly compare the performance of ReBAC systems based on their common supported policies. To solve this problem, we propose RACON, a schema-driven, customisable ReBAC policy generator. RACON generates policies in an intermediate language subsuming the features required to encode existing ReBAC models. This language can subsequently be translated to popular ReBAC policy languages through an extensible translation module. Taking a view of ReBAC policies as graph queries, we implement translations into two popular graph query languages, namely Cypher and SPARQL.
References
[1]
Evangelos Aktoudianakis, Jason Crampton, Steve A. Schneider, Helen Treharne, and Adrian Waller. 2013. Policy templates for relationship-based access control. In Annual International Conference on Privacy, Security and Trust. IEEE, 221--228.
[2]
G. Bagan, A. Bonifati, R. Ciucanu, G. H. L. Fletcher, A. Lemay, and N. Advokaat. 2017. gMark: Schema-Driven Generation of Graphs and Queries. IEEE Transactions on Knowledge and Data Engineering 29, 4 (2017), 856--869.
[3]
Angela Bonifati, George H. L. Fletcher, Hannes Voigt, and Nikolay Yakovets. 2018. Querying Graphs. Morgan & Claypool Publishers.
[4]
Barbara Carminati and Elena Ferrari. 2011. Collaborative access control in on-line social networks. In International Conference on Collaborative Computing. IEEE, 231--240.
[5]
Yuan Cheng, Jaehong Park, and Ravi S. Sandhu. 2016. An Access Control Model for Online Social Networks Using User-to-User Relationships. IEEE Trans. Dependable Secur. Comput. 13, 4 (2016), 424--436.
[6]
Philip W. L. Fong and Ida Sri Rejeki Siahaan. 2011. Relationship-based access control policies and their policy languages. In SACMAT. ACM, 51--60.
[7]
Inc. JCC Consulting. 2022. Graph Query Language GQL. Retrieved April 13, 2022 from https://www.gqlstandards.org/
[8]
Jorge Lobo. 2019. Relationship-based access control: More than a social network access control model. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery 9, 2 (2019), e1282.
[9]
Edelmira Pasarella and Jorge Lobo. 2017. A Datalog Framework for Modeling Relationship-based Access Control Policies. In SACMAT. ACM, 91--102.
[10]
Syed Zain R. Rizvi and Philip W. L. Fong. 2020. Efficient Authorization of Graph-database Queries in an Attribute-supporting ReBAC Model. ACM Trans. Priv. Secur. 23, 4 (2020), 18:1--18:33.
[11]
Zhongyuan Xu and Scott D Stoller. 2014. Mining attribute-based access control policies from logs. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 276--291.
Index Terms
- Poster: A Flexible Relationship-Based Access Control Policy Generator
Recommendations
Mining Relationship-Based Access Control Policies
SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and TechnologiesRelationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing. We formulate ReBAC as an object-oriented extension of attribute-based access control (ABAC) in which ...
Interoperability of Relationship- and Role-Based Access Control
CODASPY '16: Proceedings of the Sixth ACM Conference on Data and Application Security and PrivacyRelationship-Based Access Control (ReBAC) was recently proposed as a general-purpose, application-layer access control paradigm, such that authorization decisions are based on the relationship between the access requestor and the resource owner. A first,...
Relationship-Based Access Control for an Open-Source Medical Records System
SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and TechnologiesInspired by the access control models of social network systems, Relationship-Based Access Control (ReBAC) was recently proposed as a general-purpose access control paradigm for application domains in which authorization must take into account the ...
Comments
Information & Contributors
Information
Published In
June 2022
282 pages
ISBN:9781450393577
DOI:10.1145/3532105
- General Chair:
- Sven Dietrich,
- Program Chairs:
- Omar Chowdhury,
- Daniel Takabi
Copyright © 2022 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 June 2022
Check for updates
Author Tags
Qualifiers
- Poster
Conference
SACMAT '22
Sponsor:
SACMAT '22: The 27th ACM Symposium on Access Control Models and Technologies
June 8 - 10, 2022
NY, New York, USA
Acceptance Rates
Overall Acceptance Rate 177 of 597 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 97Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)1
Reflects downloads up to 27 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in