Towards Policy Engineering for Attribute-Based Access Control

  • Conference paper
Trusted Systems (INTRUST 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8292)

Abstract

Attribute-based Access Control (ABAC) was recently proposed as a general model which is able to capture the main existing access control models. This paper discusses the problems of configuring ABAC and engineering access policies. We question how to design attributes, how to assign attributes to subjects, objects, and actions, and how to formulate access policies which bind subjects to objects and actions via attributes.

Inspired by the role mining problem in Role-based Access Control, in this paper we propose the first attempt to formalise ABAC in matrix form and formally define a problem of access policy engineering. To be more practical, our approach is based on the XACML standard.

This work was partly supported by EU-FP7-ICT NESSoS (256980) and PRIN Security Horizons funded by MIUR with D.D. 23.10.2012 n. 719, and EIT ICT Labs activity 13083.

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Krautsevich, L., Lazouski, A., Martinelli, F., Yautsiukhin, A. (2013). Towards Policy Engineering for Attribute-Based Access Control. In: Bloem, R., Lipp, P. (eds) Trusted Systems. INTRUST 2013. Lecture Notes in Computer Science, vol 8292. Springer, Cham. https://doi.org/10.1007/978-3-319-03491-1_6

  • DOI: https://doi.org/10.1007/978-3-319-03491-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03490-4

  • Online ISBN: 978-3-319-03491-1

  • eBook Packages: Computer Science (R0)
