Resource and Attribute Based Access Control Model for System with Huge Amounts of Resources

  • Gang LiuEmail author
  • Lu Fang
  • Quan Wang
  • Xiaoqian Qi
  • Juan Cui
  • Jiayu Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11204)


In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.


Access control Resource Attribute Attribute-based access control Policy conflict 



This work is supported by the National Natural Science Foundation (NNSF) of China (Grant No. 61572385).

Conflict of Interest Statement

There is no conflict of interest regarding the publication of this paper.


  1. 1.
    Aftab, M.U., Habib, M.A., Mehmood, N., Aslam, M., Irfan, M.: Attributed role based access control model. In: Information Assurance and Cyber Security, pp. 83–89 (2016)Google Scholar
  2. 2.
    Covington, M.J., Sastry, M.R.: A contextual attribute-based access control model. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4278, pp. 1996–2006. Springer, Heidelberg (2006). Scholar
  3. 3.
    Fatema, K., Chadwick, D.W., Van Alsenoy, B.: Extracting access control and conflict resolution policies from European data protection law. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IAICT, vol. 375, pp. 59–72. Springer, Heidelberg (2012). Scholar
  4. 4.
    Hein, P., Biswas, D., Martucci, L.A., Muhlhauser, M.: Conflict detection and lifecycle management for access control in publish/subscribe systems. In: IEEE International Symposium on High-Assurance Systems Engineering, pp. 104–111 (2011)Google Scholar
  5. 5.
    Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations. ITLB (2014)Google Scholar
  6. 6.
    Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., Voas, J.: Attribute-based access control. Computer 48(2), 85–88 (2015)CrossRefGoogle Scholar
  7. 7.
    Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)CrossRefGoogle Scholar
  8. 8.
    Ouldslimane, H., Bande, M., Boucheneb, H.: WiseShare: a collaborative environment for knowledge sharing governed by abac policies. In: International Conference on Collaborative Computing: Networking, Applications and Worksharing, pp. 21–29 (2012)Google Scholar
  9. 9.
    Riad, K., Yan, Z., Hu, H., Ahn, G.J.: AR-ABAC: a new attribute based access control model supporting attribute-rules for cloud computing. In: IEEE Conference on Collaboration and Internet Computing, pp. 28–35 (2015)Google Scholar
  10. 10.
    Shu, C., Yang, E.Y., Arenas, A.E.: Detecting conflicts in abac policies with rule reduction and binary-search techniques. In: IEEE International Symposium on Policies for Distributed Systems and Networks, pp. 182–185 (2009)Google Scholar
  11. 11.
    Singhal, A., Winograd, T., Scarfone, K.: Guide to secure web services. NIST Spec. Publ. 800(95), 4 (2007)Google Scholar
  12. 12.
    Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services, pp. 561–569 (2005)Google Scholar
  13. 13.
    Zhong, J., Hou, S.J.: Attribute-based universal access control framework in open network environment. J. Comput. Appl. 30(10), 2632–2631 (2010)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Gang Liu
    • 1
    Email author
  • Lu Fang
    • 1
  • Quan Wang
    • 1
  • Xiaoqian Qi
    • 1
  • Juan Cui
    • 1
  • Jiayu Liu
    • 1
  1. 1.School of Computer Science and TechnologyXidian UniversityXianChina

Personalised recommendations