Abstract
Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption is still in its infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like, have been largely ignored or left to future work.
This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works and potential solutions discussed.
- Ali E. Abdallah and Etienne J. Khayat. 2005. A formal model for parameterized role-based access control. In Formal Aspects in Security and Trust. Springer, 233--246. Google ScholarCross Ref
- Nabil R. Adam, Vijayalakshmi Atluri, Elisa Bertino, and Elena Ferrari. 2002. A content-based authorization model for digital libraries. IEEE Transactions on Knowledge and Data Engineering 14, 2 (2002), 296--315. Google ScholarDigital Library
- Mohammad A. Al-Kahtani and Ravi Sandhu. 2002. A model for attribute-based user-role assignment. In Proceedings of the 2002 18th Annual Computer Security Applications Conference. IEEE, 353--362. Google ScholarCross Ref
- Hadiseh Seyyed Alipour and Mehdi Sabbari. 2012. Definition of action and attribute based access control rules for web services. In Proceedings of the 2012 International Conference on Industrial Engineering and Operations Management. 869--878.Google Scholar
- Claudio Agostino Ardagna, Sabrina De Capitani di Vimercati, Gregory Neven, Stefano Paraboschi, F.-S. Preiss, Pierangela Samarati, and Mario Verdicchio. 2010. Enabling privacy-preserving credential-based access control with XACML and SAML. In Proceedings of the 2010 IEEE 10th International Conference on Computer and Information Technology (CIT’10). IEEE, 1090--1095. Google ScholarDigital Library
- Franz Baader and Philipp Hanschke. 1991. A Scheme for Integrating Concrete Domains into Concept Languages. Technical Report RR-91-10. DFKI Deutsches Forschungszentrum fr Knstliche Intelligenz.Google Scholar
- Ezedin Barka and Ravi Sandhu. 2000a. Framework for role-based delegation models. In Proceedings of the 16th Annual Conference on Computer Security Applications (ACSAC’00). IEEE, 168--176. Google ScholarCross Ref
- Ezedin Barka and Ravi Sandhu. 2000b. A role-based delegation model and some extensions. In Proceedings of the 23rd National Information Systems Security Conference. 396--404.Google Scholar
- Steve Barker. 2009. The next 700 access control models or a unifying meta-model? In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. ACM, 187--196. Google ScholarDigital Library
- John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07). IEEE, 321--334. Google ScholarDigital Library
- Rafae Bhatti, Arif Ghafoor, Elisa Bertino, and James BD Joshi. 2005. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control. ACM Transactions on Information and System Security (TISSEC) 8, 2 (2005), 187--227. Google ScholarDigital Library
- Khalid Zaman Bijon, Ram Krishman, and Ravi Sandhu. 2013. Constraints specification in attribute based access control. Science 2, 3 (2013), pp--131.Google Scholar
- Rakesh Bobba, Omid Fatemieh, Fariba Khan, Arindam Khan, Carl A. Gunter, Himanshu Khurana, and Manoj Prabhakaran. 2010. Attribute-based messaging: Access control and confidentiality. ACM Transactions on Information and System Security (TISSEC) 13, 4 (2010), 31.Google ScholarDigital Library
- David F. C. Brewer and Michael J. Nash. 1989. The Chinese wall security policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy. IEEE, 206--214. Google ScholarCross Ref
- Jery Bryans. 2005. Reasoning about XACML policies using CSP. In Proceedings of the 2005 Workshop on Secure Web Services. ACM, 28--35. Google ScholarDigital Library
- Daniel J. Buehrer, Lo Tse-Wen, and Hsieh Chih-Ming. 2001. Abia cadabia: A distributed, intelligent database architecture. Intelligent Multimedia, Computing, and Communications (2001), 1--3.Google Scholar
- Daniel J. Buehrer and Chun-Yao Wang. 2012. CA-ABAC: Class algebra attribute-based access control. In Proceedings of the 2012 IEEE/WIC/ACM International Joint Conferences on Web Intelligence and Intelligent Agent Technology-Volume 03. IEEE Computer Society, 220--225.Google Scholar
- Mike Burmester, Emmanouil Magkos, and Vassilis Chrissikopoulos. 2013. T-ABAC: An attribute-based access control model for real-time availability in highly dynamic systems. In Proceedings of the 2013 IEEE Symposium on Computers and Communications (ISCC’13). IEEE, 000143--000148. Google ScholarCross Ref
- Jan Camenisch, Sebastian Mödersheim, Gregory Neven, Franz-Stefan Preiss, and Dieter Sommer. 2010. A card requirements language enabling privacy-preserving access control. In Proceedings of the 15th ACM Symposium on Access Control Models and Technologies. ACM, 119--128. Google ScholarDigital Library
- David W. Chadwick, Alexander Otenko, and Edward Ball. 2003. Role-based access control with X.509 attribute certificates. Internet Computing, IEEE 7, 2 (2003), 62--69. Google ScholarDigital Library
- Yanzhe Che, Qiang Yang, Chunming Wu, and Lianhang Ma. 2010. BABAC: An access control framework for network virtualization using user behaviors and attributes. In Proceedings of the 2010 IEEE/ACM International Conference on Green Computing and Communications 8 International Conference on Cyber, Physical and Social Computing. IEEE Computer Society, 747--754.Google ScholarDigital Library
- Yuan Cheng, Jaehong Park, and Ravi Sandhu. 2012. A user-to-user relationship-based access control model for online social networks. In Data and Applications Security and Privacy XXVI. Springer, 8--24. Google ScholarDigital Library
- Yuan Cheng, Jaehong Park, and Ravi Sandhu. 2014. Attribute-aware relationship-based access control for online social networks. In Data and Applications Security and Privacy XXVIII. Springer, 292--306. Google ScholarDigital Library
- Lorenzo Cirio, Isabel F Cruz, and Roberto Tamassia. 2007. A role and attribute based access control system using semantic web technologies. In Proceedings of the 2007 OTM Confederated International Conference on On the Move to Meaningful Internet Systems - Volume Part II (OTM’07). Springer, 1256--1266.Google ScholarCross Ref
- James Clark and Steve DeRose. 1999. XML path language (XPath). W3C Recommendation 16.Google Scholar
- Michael J. Covington and Manoj R. Sastry. A contextual attribute-based access control model. In Proceedings of the 2006 International Conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, PKSinBIT. Google ScholarDigital Library
- Isabel F. Cruz, Rigel Gjomemo, Benjamin Lin, and Mirko Orsini. 2008. A location aware role and attribute based access control system. In Proceedings of the 16th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. ACM, 84. Google ScholarDigital Library
- Isabel F. Cruz, Rigel Gjomemo, Benjamin Lin, and Mirko Orsini. 2009. A constraint and attribute based security framework for dynamic role assignment in collaborative environments. In Collaborative Computing: Networking, Applications and Worksharing. Springer, 322--339. Google ScholarCross Ref
- Ni Dan, Shi Hua-Ji, Chen Yuan, and Guo Jia-Hu. 2012. Attribute based access control (ABAC)-based cross-domain access control in service-oriented architecture (SOA). In Proceedings of the 2012 International Conference on Computer Science 8 Service System (CSSS’12). IEEE, 1405--1408. Google ScholarDigital Library
- Agostino Dovier, Carla Piazza, Enrico Pontelli, and Gianfranco Rossi. 2000. Sets and constraint logic programming. ACM Transactions on Programming Languages and Systems (TOPLAS) 22, 5 (2000), 861--931. Google ScholarDigital Library
- Ali Esmaeeli and Hamid Reza Shahriari. 2010. Privacy protection of grid service requesters through distributed attribute based access control model. In Proceedings of the 5th International Conference on Advances in Grid and Pervasive Computing. Springer, 573--582. Google ScholarDigital Library
- S. Farrell and R. Housley. 2002. An Internet Attribute Certificate Profile for Authorization. RFC 3281. RFC Editor. Retrieved from https://www.ietf.org/rfc/rfc3281.txt.Google Scholar
- S. Farrell, R. Housley, and S. Turner. 2010. An Internet Attribute Certificate Profile for Authorization. RFC 5755. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc5755.Google Scholar
- David Ferraiolo. 2013. Towards an ABAC Family of Models. Retrieved from http://csrc.nist.gov/projects/abac/july2013_workshop/july2013_abac_workshop_abac-model-framework_dferraiolo.pdf.Google Scholar
- David Ferraiolo, Vijayalakshmi Atluri, and Serban Gavrila. 2011. The policy machine: A novel architecture and framework for access control policy specification and enforcement. Journal of Systems Architecture 57, 4 (2011), 412--424. Google ScholarDigital Library
- David Ferraiolo, Serban Gavrila, and Wayne Jansen. 2015. Policy Machine: Features, Architecture, and Specification. Technical Report NISTIR 7987 Revision 1. National Institute of Standards and Technology. http://dx.doi.org/10.6028/NIST.IR.7987r1 Google ScholarCross Ref
- David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. 2001. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 3 (2001), 224--274. Google ScholarDigital Library
- Elena Ferrari, Nabil R. Adam, Vijayalakshmi Atluri, Elisa Bertino, and Ugo Capuozzo. 2002. An authorization system for digital libraries. The VLDB Journal 11, 1 (2002), 58--67. Google ScholarDigital Library
- Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz. 2005. Verification and change-impact analysis of access-control policies. In Proceedings of the 27th International Conference on Software Engineering. ACM, 196--205.Google Scholar
- Mei Ge and Sylvia L. Osborn. 2004. A design for parameterized roles. In Research Directions in Data and Applications Security XVIII. Springer, 251--264. Google ScholarCross Ref
- Luigi Giuri and Pietro Iglio. 1997. Role templates for content-based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control. ACM, 153--159. Google ScholarDigital Library
- Simon Godik, Anne Anderson, Bill Parducci, Polar Humenn, and Sekhar Vajjhala. 2002. OASIS eXtensible Access Control Markup Language (XACML). Technical Report. OASIS.Google Scholar
- Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 89--98. Google ScholarDigital Library
- Ruo-Fei Han, Hou-Xiang Wang, Qian Xiao, Xiao-Pei Jing, and Hui Li. 2009. A united access control model for systems in collaborative commerce. Journal of Networks 4, 4 (2009), 279--289. Google ScholarCross Ref
- Zhengqiu He, Lifa Wu, Huabo Li, Haiguang Lai, and Zheng Hong. 2011. Semantics-based access control approach for web service. Journal of Computers 6, 6 (2011), 1152--1161. Google ScholarCross Ref
- Richard Dean Holowczak. 1997. Extractors for Digital Library Objects. Ph.D. Dissertation. Rutgers University, Department of MS/CIS.Google Scholar
- Ian Horrocks, Peter F. Patel-Schneider, Harold Boley, Said Tabet, Benjamin Grosof, Mike Dean, and others. 2004. SWRL: A semantic web rule language combining OWL and RuleML. W3C Member Submission 21 (2004), 79.Google Scholar
- Vincent C. Hu, David Ferraiolo, Rick Kuhn, Arthur R. Friedman, Alan J. Lang, Margaret M. Cogdell, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone. 2013. Guide to attribute based access control (ABAC) Definition and Considerations (Draft). NIST Special Publication 800 (2013), 162.Google Scholar
- Jingwei Huang, David M. Nicol, Rakesh Bobba, and Jun Ho Huh. 2012. A framework integrating attribute-based policies into role-based access control. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. ACM, 187--196. Google ScholarDigital Library
- John Hughes and Eve Maler. 2005. Security Assertion Markup Language (SAML) V2.0 Technical Overview. Technical Report. OASIS.Google Scholar
- Junbeom Hur and Dong Kun Noh. 2011. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems 22, 7 (2011), 1214--1221. Google ScholarDigital Library
- INCITS. 2013. Information Technology - Next Generation Access Control - Functional Architecture (NGAC-FA). Technical Report INCITS 499-2013. American National Standard for Information Technology, American National Standards Institute.Google Scholar
- INCITS. 2015. Information technology - Next Generation Access Control Generic Operations and Data Structures (NGAC-GOADS). Technical Report INCITS 499-2013. American National Standard for Information Technology, American National Standards Institute.Google Scholar
- Peng Jin and Yang Fang-chun. 2006. Description logic modeling of temporal attribute-based access control. In Proceedings of the 2006 1st International Conference on Communications and Electronics. IEEE, 414--418. Google ScholarCross Ref
- Xin Jin, Ram Krishnan, and Ravi Sandhu. 2012a. A unified attribute-based access control model covering DAC, MAC and RBAC. In Data and Applications Security and Privacy XXVI. Springer, 41--55. Google ScholarDigital Library
- Xin Jin, Ravi Sandhu, and Ram Krishnan. 2012b. RABAC: Role-centric attribute-based access control. In Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security: Computer Network Security. Springer, 84--96. Google ScholarDigital Library
- James B. D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. 2005. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering 17, 1 (2005), 4--23. Google ScholarDigital Library
- Florian Kerschbaum. 2010. An access control model for mobile physical objects. In Proceedings of the 15th ACM Symposium on Access Control Models and Technologies. ACM, 193--202. Google ScholarDigital Library
- Etienne J. Khayat and Ali E. Abdallah. 2003. A formal model for flat role-based access control. In ACS/IEEE International Conference on Computer Systems and Applications (AICCSA’03), Vol. 4. Google ScholarCross Ref
- Vladimir Kolovski, James Hendler, and Bijan Parsia. 2007. Analyzing web access control policies. In Proceedings of the 16th International Conference on World Wide Web. ACM, 677--686. Google ScholarDigital Library
- D. Richard Kuhn, Edward J. Coyne, and Timothy R. Weil. 2010. Adding attributes to role-based access control. IEEE Computer 43, 6 (2010), 79--81. Google ScholarDigital Library
- Bo Lang, Ian Foster, Frank Siebenlist, Rachana Ananthakrishnan, and Tim Freeman. 2006. Attribute based access control for grid computing. Retrieved from http://www.mcs.anl.gov/uploads/cels/papers/P1367.pdf.Google Scholar
- Bo Lang, Ian Foster, Frank Siebenlist, Rachana Ananthakrishnan, and Tim Freeman. 2009. A flexible attribute based access control method for grid computing. Journal of Grid Computing 7, 2 (2009), 169--180. Google ScholarCross Ref
- Bo Lang, Hangyu Li, and Wenting Ni. 2010. Attribute-based access control for layered grid resources. In Communication and Networking. Springer, Berlin, 31--40. Google ScholarCross Ref
- Adam J. Lee and Marianne Winslett. 2006. Open problems for usable and secure open systems. In Proceediings of the Workshop on Usability Research Challenges for Cyberinfrastructure and Tools Held in Conjunction with ACM CHI.Google Scholar
- Jaewon Lee, Heeyoul Kim, and Joon Sung Hong. 2008. An attribute aggregation architecture with trust-based evaluation for access control. In Proceedings of the NOMS 2008-2008 IEEE Network Operations and Management Symposium. 1011--1014.Google Scholar
- Ninghui Li and Mahesh V. Tripunitara. 2006. Security analysis in role-based access control. ACM Transactions on Information and System Security (TISSEC) 9, 4 (2006), 391--420. Google ScholarDigital Library
- Ninghui Li and William H. Winsborough. 2003. Beyond proof-of-compliance: Safety and availability analysis in trust management. In 2003 Symposium on Security and Privacy. IEEE, 123--139.Google Scholar
- Feng Liang, Haoming Guo, Shengwei Yi, and Shilong Ma. 2012. A multiple-policy supported attribute-based access control architecture within large-scale device collaboration systems. Journal of Networks 7, 3 (2012), 524--531. Google ScholarCross Ref
- Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, and Jorge Lobo. 2010. EXAM: A comprehensive environment for the analysis of access control policies. International Journal of Information Security 9, 4 (2010), 253--273. Google ScholarDigital Library
- Emil Lupu and Morris Sloman. 1997. Reconciling role based management and role based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control. ACM, 135--141. Google ScholarDigital Library
- Deborah L. McGuinness, Frank Van Harmelen, and Others. 2004. OWL web ontology language overview. W3C Recommendation (2004).Google Scholar
- Matunda Nyanchama and Sylvia Osborn. 1999. The role graph model and conflict of interest. ACM Transactions on Information and System Security (TISSEC) 2, 1 (1999), 3--33. Google ScholarDigital Library
- Jaehong Park and Ravi Sandhu. 2004. The UCON ABC usage control model. ACM Transactions on Information and System Security (TISSEC) 7, 1 (2004), 128--174. Google ScholarDigital Library
- Eric PrudHommeaux and Andy Seaborne. 2008. SPARQL query language for RDF. W3C Recommendation 15 (2008).Google Scholar
- Carlos E. Rubio-Medrano, Clinton D’Souza, and Gail-Joon Ahn. 2013. Supporting secure collaborations with attribute-based access control. In Proceedings of the 2013 9th International Conference Conference on Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom). IEEE, 525--530. Google ScholarCross Ref
- Amit Sasturkar, Ping Yang, Scott D. Stoller, and C. R. Ramakrishnan. 2006. Policy analysis for administrative role based access control. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW’06). IEEE. Google ScholarDigital Library
- Daniel Servos. 2012. A Role and Attribute Based Encryption Approach to Privacy and Security in Cloud Based Health Services. Master’s thesis. Lakehead University. Retrieved from http://knowledgecommons.lakeheadu.ca/handle/2453/286.Google Scholar
- Daniel Servos, Sabah Mohammed, Jinan Fiaidhi, and Tai hoon Kim. 2013. Extensions to ciphertext-policy attribute-based encryption to support distributed environments. International Journal of Computer Applications in Technology 47, 2 (2013), 215--226.Google ScholarDigital Library
- Daniel Servos and Sylvia L. Osborn. 2014. HGABAC: Towards a formal model of hierarchical attribute-based access control. In Proceedings of the 7th International Symposium on Foundations and Practice of Security (FPS’14). Springer, 187--204.Google Scholar
- Basit Shafiq, Elisa Bertino, and Arif Ghafoor. 2005. Access control management in a distributed environment supporting dynamic collaboration. In Proceedings of the 2005 Workshop on Digital Identity Management. ACM, 104--112. Google ScholarDigital Library
- Haibo Shen. 2009. A semantic-aware attribute-based access control model for web services. In Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing. Springer, 693--703. Google ScholarDigital Library
- Hai-bo Shen and Fan Hong. 2006. An attribute-based access control model for web services. In Proceedings of the 2006 7th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT’06). IEEE, 74--79. Google ScholarDigital Library
- Waleed W. Smari, Patrice Clemente, and Jean-Francois Lalande. 2014. An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system. Future Generation Computer Systems 31 (2014), 147--168. Google ScholarDigital Library
- Waleed W. Smari, Jian Zhu, and Patrice Clemente. 2009. Trust and privacy in attribute based access control for collaboration environments. In Proceedings of the 11th International Conference on Information Integration and Web-based Applications 8 Services. ACM, 49--55. Google ScholarDigital Library
- Scott D. Stoller, Ping Yang, C. R. Ramakrishnan, and Mikhail I. Gofman. 2007. Efficient policy analysis for administrative role based access control. In Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, 445--455. Google ScholarDigital Library
- Guojun Wang, Qin Liu, and Jie Wu. 2010. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In Proceedings of the 17th ACM Conference on Computer and Communications Security. ACM, 735--737. Google ScholarDigital Library
- He Wang and Sylvia L. Osborn. 2006. Delegation in the role graph model. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies. ACM, 91--100. Google ScholarDigital Library
- He Wang and Sylvia L. Osborn. 2011. Static and dynamic delegation in the role graph model. IEEE Transactions on Knowledge and Data Engineering 23, 10 (2011), 1569--1582. Google ScholarDigital Library
- Lingyu Wang, Duminda Wijesekera, and Sushil Jajodia. 2004. A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering. ACM, 45--55. Google ScholarDigital Library
- Brent Waters. 2011. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 53--70. Google ScholarCross Ref
- Yonghe Wei, Chunjing Shi, and Weiping Shao. 2010. An attribute and role based access control model for service-oriented environment. In Proceedings of the 2010 Chinese Control and Decision Conference. IEEE, 4451--4455.Google Scholar
- Alma Whitten and J. Doug Tygar. 1999. Why Johnny can’t encrypt: A Usability Evaluation of PGP 5.0. In Usenix Security, Vol. 1999.Google Scholar
- Jian Shu Lianghong Shi Bing Xia and Linlan Liu. 2009. Study on action and attribute-based access control model for web services. In Proceedings of the 2009 2nd International Symposium on Information Science and Engineering. 213--216.Google Scholar
- Zhongyuan Xu and Scott D. Stoller. 2013. Mining attribute-based access control policies from RBAC policies. In Proceedings of the 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT’10). IEEE, 1--6.Google Scholar
- Zhongyuan Xu and Scott D. Stoller. 2014. Mining attribute-based access control policies from logs. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 276--291. Google ScholarDigital Library
- Zhongyuan Xu and Scott D. Stoller. 2015. Mining attribute-based access control policies. IEEE Transactions on Dependable and Secure Computing 12, 5 (2015), 533--545. Google ScholarDigital Library
- Danfeng Yao, Michael Shin, Roberto Tamassia, and William H. Winsborough. 2005. Visualization of automated trust negotiation. In Proceedings of the IEEE Workshop on Visualization for Computer Security (VizSEC’05). IEEE, 65--74.Google Scholar
- Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. 2010. Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proceedings of the 2010 IEEE of INFOCOM. IEEE, 1--9.Google ScholarCross Ref
- Eric Yuan and Jin Tong. 2005. Attributed based access control (ABAC) for web services. In Proceedings of the IEEE International Conference on Web Services (ICWS’05). IEEE, 569. Google ScholarDigital Library
- Guoping Zhang, Jing Liu, and Jianbo Liu. 2013. Protecting sensitive attributes in attribute based access control. In Proceedings of the International Conference on Service-Oriented Computing (ICSOC’13). Springer, 294--305. Google ScholarCross Ref
- Xinwen Zhang, Yingjiu Li, and Divya Nalla. 2005. An attribute-based access matrix model. In Proceedings of the 2005 ACM Symposium on Applied Computing. ACM, 359--363. Google ScholarDigital Library
- Xinwen Zhang, Sejong Oh, and Ravi Sandhu. 2003. PBDM: A flexible delegation model in RBAC. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies. ACM, 149--157. Google ScholarDigital Library
- Yongsheng S. Zhang, Mingfeng F. Wu, Lei Wu, and Yuanyuan Y. Li. 2014. Attribute-based access control security model in service-oriented computing. In Proceedings of the 2012 International Conference on Cybernetics and Informatics. Springer, 1473--1479. Google ScholarCross Ref
- Jian Zhu and Waleed W. Smari. 2008. Attribute based access control and security for collaboration environments. In Proceedings of the 2008 IEEE National Aerospace and Electronics Conference. IEEE, 31--35. Google ScholarCross Ref
- Yiqun Zhu, Jianhua Li, and Quanhai Zhang. 2008. General attribute based RBAC model for web services. Wuhan University Journal of Natural Sciences 13, 1 (2008), 81--86. Google ScholarCross Ref
Index Terms
- Current Research and Open Problems in Attribute-Based Access Control
Recommendations
Attribute Based Access Control (ABAC)-Based Cross-Domain Access Control in Service-Oriented Architecture (SOA)
CSSS '12: Proceedings of the 2012 International Conference on Computer Science and Service SystemThe traditional role-based access control model (RBAC) can not meet the requirements of Service Oriented Architectures (SOA) on the distribution and openness, Attribute-Based Access Control (ABAC), which is more fine-grained in access control, is more ...
Towards Attribute-Centric Access Control: an ABAC versus RBAC argument
Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of Attributes-based access control ABAC versus Role-based access control RBAC. However, existing arguments have been primarily focused ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Comments