HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control

Servos, Daniel; Osborn, Sylvia L.

doi:10.1007/978-3-319-17040-4_12

Cited by 41 publications

(43 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We refer to the basic form of ABAC as a flat ABAC model since it does not consider hierarchies. Daniel et al have introduced the concept of hierarchical groups to this basic definition of ABAC to enable attributes inheritance through subject and object groups (Servos and Osborn 2015). The following list provides a high-level definition of terms relevant to our study.…”

Section: Abac Definition and Terminologymentioning

confidence: 99%

“…2, whenever possible. For detailed explanation of the basic and the hierarchical forms of ABAC, we refer the reader to Hu et al (2013); Servos and Osborn (2015).…”

Section: Abac Definition and Terminologymentioning

confidence: 99%

“…a user whose "subject_type" is "nurse" (Hu et al 2013). • Subject group: is a set of subjects grouped according to their domain (Servos and Osborn 2015). Using our example in Fig.…”

Section: Abac Definition and Terminologymentioning

confidence: 99%

See 2 more Smart Citations

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

2019

View full text Add to dashboard Cite

The National Institute of Standards and Technology (NIST) has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy (NLACP) to a machine-readable form. To study the automation process, we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations. Therefore, this paper focuses on the questions of: how can we automatically infer the hierarchical structure of an ABAC model given NLACPs; and, how can we extract and define the set of authorization attributes based on the resulting structure. To address these questions, we propose an approach built upon recent advancements in natural language processing and machine learning techniques. For such a solution, the lack of appropriate data often poses a bottleneck. Therefore, we decouple the primary contributions of this work into: (1) developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts, and (2) generating a set of realistic synthetic natural language access control policies (NLACPs) to evaluate the proposed framework. Our experimental results are promising as we achieved -in average -an F1-score of 0.96 when extracting attributes values of subjects, and 0.91 when extracting the values of objects' attributes from natural language access control policies.

show abstract

Section: Abac Definition and Terminologymentioning

confidence: 99%

“…2, whenever possible. For detailed explanation of the basic and the hierarchical forms of ABAC, we refer the reader to Hu et al (2013); Servos and Osborn (2015).…”

Section: Abac Definition and Terminologymentioning

confidence: 99%

See 1 more Smart Citation

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

2019

View full text Add to dashboard Cite

show abstract

“…The greatest challenge of applying the ABAC model to the IoT is attribute assignment . To improve the flexibility of access controls and the efficiency of attribute assignment, Servos AND Osborn and Gupta and Sandhu proposed Hierarchical Group and Attribute‐Based Access Control models (HGABAC) and an Administration Model for HGABAC (GURAG). Attribute inheritance relations are introduced through user groups and object groups, and an attribute distribution mechanism for users and user groups is provided.…”

Section: Related Workmentioning

confidence: 99%

A topic‐centric access control model for the publish/subscribe paradigm

Xie

Shi

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary The publish/subscribe paradigm provides loosely coupled and scalable communication for the Internet of Things (IoT). In this paradigm, access control is an efficient approach to guaranteeing security. However, existing access control methods are not suitable for the publish/subscribe paradigm in the sensing layer of the IoT due to their coarse‐grained controls and lack of self‐configuration. To address these problems, in this paper, we propose a topic‐centric access control model (TCAC) to realize fine‐grained authorization for the sensing layer of the IoT. First, we use topics, a fundamental concept for the publish/subscribe paradigm, as the basic access control unit to dynamically authorize access according to the attributes of devices, users, and topics. Second, an administration model for TCAC is proposed to manage these attributes and configure access policies to effectively implement user‐driven access controls. Finally, a healthcare case is used to demonstrate the security of the proposed TCAC. The results show that our model is dynamic, fine‐grained, and user driven.

show abstract

“…However, our work focuses on advantages of using an attribute-based approach for RBAC administration. Also, attribute-based access control [11], [12], [20], [21] has been well-studied. Such prior ABAC works primarily focus on operational aspects of access control-that is, making decisions when a user requests access to an object.…”

Section: Related Workmentioning

confidence: 99%

AARBAC: Attribute-Based Administration of Role-Based Access Control

Ninglekhu

Krishnan

2017

2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)

View full text Add to dashboard Cite

Administrative Role Based Access Control (ARBAC) models deal with how to manage user-role assignments (URA), permission-role assignments (PRA), and rolerole assignments (RRA). A wide-variety of approaches have been proposed in the literature for URA, PRA and RRA. In this paper, we propose attribute-based administrative models that unify many prior approaches for URA and PRA. The motivating factor is that attributes of various RBAC entities such as admin users, regular users and permissions can be used to administer URA and PRA in a highly-flexible manner. We develop an attribute-based URA model called AURA and an attribute-based PRA model called ARPA. We demonstrate that AURA and ARPA can express and unify many prior URA and PRA models.

show abstract

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control

Cited by 41 publications

References 16 publications

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

A topic‐centric access control model for the publish/subscribe paradigm

AARBAC: Attribute-Based Administration of Role-Based Access Control

Contact Info

Product

Resources

About