Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Foundations and Practice of Security

FPS 2016: Foundations and Practice of Security pp 320–328Cite as

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC)

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10128))

Abstract

Attribute-Based Access Control (ABAC) is an emerging model of access control that has gained significant interest in both recent academic literature and industry application. However, to date there have been almost no attempts to incorporate the concept of dynamic delegation into ABAC. This work lays out a number of possible strategies for incorporating delegation into existing ABAC models and discusses the potential trade-offs associated with each strategy. Delegation strategies are categorized into families that share a number of similar properties. It is our hope that this preliminary work will aid in future ABAC based delegation research by identifying and detailing the challenges and opportunities intrinsic to each method of integrating delegation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Barka, E., Sandhu, R. et al.: A role-based delegation model and some extensions. In: NISSC 2000, pp. 396–404 (2000)

    Google Scholar 

  2. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: SP 2007, pp. 321–334 (2007)

    Google Scholar 

  3. Bijon, K.Z., Krishman, R., Sandhu, R.: Constraints specification in attribute based access control. Science 2(3), 131–144 (2013)

    Google Scholar 

  4. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. Science 4(3), 224–274 (2001)

    Google Scholar 

  5. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4

    Chapter  Google Scholar 

  6. Servos, D., Mohammed, S., Fiaidhi, J., Kim, T.: Extensions to Ciphertext-policy attribute-based encryption to support distributed environments. Science 47(2–3), 215–226 (2013)

    Google Scholar 

  7. Servos, D., Osborn, S.L.: HGABAC: towards a formal model of hierarchical attribute-based access control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 187–204. Springer, Heidelberg (2015). doi:10.1007/978-3-319-17040-4_12

    Google Scholar 

  8. Turner, S., Housley, R. et al.: An Internet Attribute Certificate Profile for Authorization. RFC 5755, January 2010

    Google Scholar 

  9. Wang, H., Osborn, S.L.: Static and dynamic delegation in the role graph model. Science 23(10), 1569–1582 (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of Western Ontario, London, Ontario, N6A 5B7, Canada

    Daniel Servos & Sylvia L. Osborn

Authors
  1. Daniel Servos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sylvia L. Osborn
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Servos .

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Cesson Sévigné, France

    Frédéric Cuppens

  2. Concordia Inst for Info, Concordia University, Montreal, Québec, Canada

    Lingyu Wang

  3. Cesson-Sevigne, Télécom Bretagne, Cesson Sévigné, France

    Nora Cuppens-Boulahia

  4. Local 3950, pavillon Adrien Pouliot, Université Laval, Quebec, Québec, Canada

    Nadia Tawbi

  5. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Servos, D., Osborn, S.L. (2017). Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC). In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation