A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models
Authors
Abstract
Logical formulas and enumeration are the two major ways for specifying authorization policies in Attribute Based Access Control (ABAC). While considerable research has been done for specifying logical-formula authorization policy ABAC, there has been less attention to enumerated authorization policy ABAC. This paper presents a finite attribute, finite domain ABAC model for enumerated authorization policies and investigates its relationship with logical-formula authorization policy ABAC models in the finite domain. We show that these models are equivalent in their theoretical expressive power. We also show that single and multi-attribute ABAC models are equally expressive.
Similar resources
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
Attribute Based Access Control for Grid Computing
Grid systems, which are composed of autonomous domains, are open and dynamic. In such systems, there are usually a large number of users, the users are changeable, and different domains have their own policies. The traditional access control models that are identity based are closed and inflexible. The Attribute Based Access Control (ABAC) model, which makes decisions relying on attributes of r...
RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies (Work in Progress)
Recently, attribute-based access control (ABAC) has emerged as a convenient paradigm for specifying, enforcing and maintaining rich and flexible authorization policies, leveraging attributes originated from multiple sources, e.g., operative systems, software modules, remote services, etc. However, attackers may try to bypass ABAC policies by compromising such sources to forge the attributes they ...
RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies
Recently, attribute-based access control (ABAC) has emerged as a convenient paradigm for specifying, enforcing and maintaining rich and flexible authorization policies, leveraging attributes originated from multiple sources, e.g., operative systems, software modules, remote services, etc. However, attackers may try to bypass ABAC policies by compromising such sources to forge the attributes they...
A Privacy-Enhanced Attribute-Based Access Control System
Service-oriented architectures (SOAs) are increasingly gaining popularity due to their considerable flexibility and scalability in open IT-environments. Along with their rising acceptance comes the need for well suited security components. In this respect, access control and privacy emerged to crucial factors. Targeting the demands of a SOA, many promising authorization models have been develop...