An Attribute-Based Access Matrix Mode

In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible au...

Full description

Saved in:
Bibliographic Details
Main Authors: ZHANG, Xinwen, LI, Yingjiu, Nalla, Divya
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2005
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/582
http://dx.doi.org/10.1145/1066677.1066760
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems.