Abstract
Attribute-Based Access Control (ABAC) is a promising approach for addressing intricate management requirements in dynamic and distributed environments. Nevertheless, because it lacks a flexible mechanism for handling access exceptions, the rigid rules in ABAC affect resource availability and, ultimately, working efficiency. In this paper, we propose a novel fuzzy ABAC model (FABAC) that extends ABAC with better usability. We introduce a fuzzy mechanism into the decision-making process. Based on the membership grades of requests to rules and the spare credits of the respective subjects, our framework permits additional requests that fail rule matching, thus enhancing the information flows in business processes. Furthermore, we develop a credit system with a history-based recovery mechanism, wherein a subject’s credits and the corresponding recovery rate are affected by past authorizations of substandard requests, to keep the risk of abuse under control. The analysis reveals that our model contributes to attaining a better tradeoff between security and usability.
Notes
1. Any negative rule can be transformed into a positive rule.
Acknowledgments
This work is supported in part by the scholarship from China Scholarship Council under the Grant 201506370106, Hunan Provincial Innovation Foundation for Postgraduate under the Grant CX2015B047, the National Natural Science Foundation of China under Grants 61632009 and 61472451, and the Joint Project of Central South University and Shenzhen Tencent Computer Systems CO., LTD.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Xu, Y., Gao, W., Zeng, Q., Wang, G., Ren, J., Zhang, Y. (2017). FABAC: A Flexible Fuzzy Attribute-Based Access Control Mechanism. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_27
DOI: https://doi.org/10.1007/978-3-319-72389-1_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer Science, Computer Science (R0)