An Attribute-Based Access Matrix Mode

An Attribute-Based Access Matrix Mode

In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible au...

Full description

Saved in:
Bibliographic Details
Main Authors: ZHANG, Xinwen, LI, Yingjiu, Nalla, Divya
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2005
Subjects:
Information Security
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/582
http://dx.doi.org/10.1145/1066677.1066760
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-1581
record_format dspace
spelling sg-smu-ink.sis_research-15812010-09-24T08:24:04Z An Attribute-Based Access Matrix Mode ZHANG, Xinwen LI, Yingjiu Nalla, Divya In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems. 2005-03-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/582 info:doi/10.1145/1066677.1066760 http://dx.doi.org/10.1145/1066677.1066760 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Information Security
Software Engineering
spellingShingle Information Security
Software Engineering
ZHANG, Xinwen
LI, Yingjiu
Nalla, Divya
An Attribute-Based Access Matrix Mode
description In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems.
format text
author ZHANG, Xinwen
LI, Yingjiu
Nalla, Divya
author_facet ZHANG, Xinwen
LI, Yingjiu
Nalla, Divya
author_sort ZHANG, Xinwen
title An Attribute-Based Access Matrix Mode
title_short An Attribute-Based Access Matrix Mode
title_full An Attribute-Based Access Matrix Mode
title_fullStr An Attribute-Based Access Matrix Mode
title_full_unstemmed An Attribute-Based Access Matrix Mode
title_sort attribute-based access matrix mode
publisher Institutional Knowledge at Singapore Management University
publishDate 2005
url https://ink.library.smu.edu.sg/sis_research/582
http://dx.doi.org/10.1145/1066677.1066760
_version_ 1770570512843407360

Similar Items