Abstract
Attribute-Based Access Control (ABAC) is an emerging model of access control that has gained significant interest in both recent academic literature and industry application. However, to date there have been almost no attempts to incorporate the concept of dynamic delegation into ABAC. This work lays out a number of possible strategies for incorporating delegation into existing ABAC models and discusses the potential trade-offs associated with each strategy. Delegation strategies are categorized into families that share a number of similar properties. It is our hope that this preliminary work will aid in future ABAC based delegation research by identifying and detailing the challenges and opportunities intrinsic to each method of integrating delegation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Barka, E., Sandhu, R. et al.: A role-based delegation model and some extensions. In: NISSC 2000, pp. 396–404 (2000)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: SP 2007, pp. 321–334 (2007)
Bijon, K.Z., Krishman, R., Sandhu, R.: Constraints specification in attribute based access control. Science 2(3), 131–144 (2013)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. Science 4(3), 224–274 (2001)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4
Servos, D., Mohammed, S., Fiaidhi, J., Kim, T.: Extensions to Ciphertext-policy attribute-based encryption to support distributed environments. Science 47(2–3), 215–226 (2013)
Servos, D., Osborn, S.L.: HGABAC: towards a formal model of hierarchical attribute-based access control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 187–204. Springer, Heidelberg (2015). doi:10.1007/978-3-319-17040-4_12
Turner, S., Housley, R. et al.: An Internet Attribute Certificate Profile for Authorization. RFC 5755, January 2010
Wang, H., Osborn, S.L.: Static and dynamic delegation in the role graph model. Science 23(10), 1569–1582 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Servos, D., Osborn, S.L. (2017). Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC). In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-51966-1_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51965-4
Online ISBN: 978-3-319-51966-1
eBook Packages: Computer ScienceComputer Science (R0)