Resource and Attribute Based Access Control Model for System with Huge Amounts of Resources
In information systems with a large number of different resources whose attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. These changes raise security concerns related to authorization and access control, but existing access control models have difficulty meeting practical requirements. In this paper, a resource and attribute based access control model named RA-BAC is proposed. The model is based on attribute-based access control (ABAC), links access control policy with resources, and redefines the access control rules. We compare RA-BAC and ABAC both theoretically and through simulation experiments to show the advantages of the RA-BAC model, and we give a detailed analysis with instances to show its practicability. RA-BAC solves the problems of policy conflict and policy library expansion that arise in the ABAC model when a system has too many resources and the attributes of resources change frequently. Using the RA-BAC model in a system makes permission queries efficient and reduces the system administrator's workload in managing the policy library.
Keywords: Access control; Resource; Attribute; Attribute-based access control; Policy conflict
This work is supported by the National Natural Science Foundation (NNSF) of China (Grant No. 61572385).
Conflict of Interest Statement
There is no conflict of interest regarding the publication of this paper.