2020 | OriginalPaper | Book chapter
Published in:
Emerging Technologies for Authorization and Authentication
Current architectures and data flow models for access control are based on request-response communication. In stateful or session-based applications that monitor access rights over time, this results in polling of authorization services and, for Attribute-Based Access Control (ABAC), in polling of policy information points. This polling introduces latency or increased load. Attribute Stream-Based Access Control (ASBAC) is an authorization model based on a publish-subscribe pattern that mitigates these bottlenecks. ASBAC allows attribute data streams, such as internet-of-things (IoT) sensor data, to be considered in quasi real time for access control decisions. This paper introduces the Structure and Agency Policy Language (SAPL) for implementing ASBAC. In addition, the paper describes how ASBAC with SAPL can be implemented by applying a reactive programming model, and it describes key algorithms for evaluating SAPL policies.
- Title
- The Structure and Agency Policy Language (SAPL) for Attribute Stream-Based Access Control (ASBAC)
- DOI
- https://doi.org/10.1007/978-3-030-39749-4_4
- Author
- Dominic Heutelbeck
- Sequence number
- 4