Current Research and Open Problems in Attribute-Based Access Control

Servos, Daniel; Osborn, Sylvia L.

doi:10.1145/3007204

Cited by 187 publications

(68 citation statements)

References 77 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since ℎ( ) and ( ) are commonsensically positive, we find an inverse correlation between the incremental usability Δ and the threshold in expression (13); that is, a lower leads to more approvals on requests. Apparently, the FBAC would deteriorate to standard ABAC if tends to the upper bound, i.e., the value 1 in our case.…”

Section: Usability and Securitymentioning

confidence: 79%

See 1 more Smart Citation

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

Gao

Zeng

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Attribute-based access control (ABAC) is a maturing authorization technique with outstanding expressiveness and scalability, which shows its overwhelmingly competitive advantage, especially in complicated dynamic environments. Unfortunately, the absence of a flexible exceptional approval mechanism in ABAC impairs the resource usability and business time efficiency in current practice, which could limit its growth. In this paper, we propose a feasible fuzzy-extended ABAC (FBAC) technique to improve the flexibility in urgent exceptional authorizations and thereby improving the resource usability and business timeliness. We use the fuzzy assessment mechanism to evaluate the policy-matching degrees of the requests that do not comply with policies, so that the system can make special approval decisions accordingly to achieve unattended exceptional authorizations. We also designed an auxiliary credit mechanism accompanied by periodic credit adjustment auditing to regulate expediential authorizations for mitigating risks. Theoretical analyses and experimental evaluations show that the FBAC approach enhances resource immediacy and usability with controllable risk.

show abstract

Section: Usability and Securitymentioning

confidence: 79%

“…Meanwhile, the academic community has also invested significant effort in this research area [13]. Li et al [14] conducted in-depth discussions on the inherent logical relations and system architecture of ABAC.…”

Section: Related Workmentioning

confidence: 99%

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

Gao

Zeng

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…It substantiates the reaching of these systems to the flexible and trustable access control technology much faster [20]. However, this flexibility increases the occurrences of policy conflicts and makes the maintenance and administration of the policies difficult [48][49][50][51]. After a time period, the developers decided that ABAC is not efficient in system control because the access permissions given according to the attributes of the users became insufficient and unproductive.…”

Section: Attribute Based Access Controlmentioning

confidence: 93%

“…The unit that assigns the authorities is the person who is the owner of the objects called Owner; thus, he also determines the security principles. The owner gives the necessary authorization to individuals in the system, introduces limitations, and limits their access to the system according to his own will [12,51]. Although the most important feature of this system is the fact that it has a high level of security, it cannot distinguish between the subjects and object domains and has security leaks [57][58][59][60].…”

Section: Discretionary Access Controlmentioning

confidence: 99%

Survey on Access Control Mechanisms in Cloud Computing

Karataş

Akbulut

2018

JCSM

View full text Add to dashboard Cite

The benefits that Internet-based applications and services have given to the end user with today's cloud computing technology are very remarkable. The distributed services instantly scaled over the Internet provided by cloud computing can be achieved by using some mechanisms in the background. It is a critical task for end users to control access to resources because lack of control often leads to security risks. In addition, this may cause systems to fail. This paper describes seven different access control mechanisms used in cloud computing platforms for different purposes. Besides, the advantages and disadvantages of various models developed from previous service-based architectures and used for cloud computing are detailed and classified. During the assessments, NIST's metrics were taken as a reference, and in the study, 109 articles from the past decade were examined. We also compared our research with the existing survey papers.

show abstract

“…An attribute defines the characteristics of an entity. For example, for subjects (users or applications) attributes can include name, organisation, title, for resources, size, date, performance and for environments, date, time and physical location [37]. In ABAC, policies are formulated as attribute expressions and access is granted if the requirements of a policy is satisfied.…”

Section: Background and Problem Statementmentioning

confidence: 99%

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Pal¹,

Hitchens²,

Varadharajan³

et al. 2018

EAI Endorsed Transactions on Industrial Networks and Intelligen

View full text Add to dashboard Cite

There has been tremendous growth in the application of the Internet of Things (IoT) in our daily lives. Yet with this growth has come numerous security concerns and privacy challenges for both the users and the systems. Smart devices have many uses in a healthcare system, e.g. collecting and reporting patient data and controlling the administration of treatment. In this paper, we address the specific security issue of access control for smart healthcare systems and the protection of smart things from unauthorised access in such large scale systems. Commonly used access control approaches e.g. Role-Based Access Control (RBAC), AttributeBased Access Control (ABAC) and Capability-Based Access Control (CapBAC) do not, in isolation, provide a complete solution for securing access to IoT-enabled smart healthcare devices. They may, for example, require an overly-centralised solution or an unmanageably large policy base. We propose a novel access control architecture which improves policy management by reducing the required number of authentication policies in a large-scale healthcare system while providing fine-grained access control. The devised access control model employs attributes, roles and capabilities. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterised based on attributes of the user and are then used to access specific services provided by things. We also provide a formal specification of the model and a description of its implementation and demonstrate its application through different use-case scenarios. The evaluation results of core functionality of our architecture are provided with the practical testbed experiments.

show abstract

Current Research and Open Problems in Attribute-Based Access Control

Cited by 187 publications

References 77 publications

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

Survey on Access Control Mechanisms in Cloud Computing

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Contact Info

Product

Resources

About