Biswas et al., 2016

Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy

Type

Article

Year

2016

Authors

Biswas, P., Sandhu, R., Krishnan, R.

Identifiers

Abstract

There are two major techniques for specifying authorization policies in Attribute Based Access Control (ABAC) models. The more conventional approach is to define policies by using logical formulas involving attribute values. Examples in this category include ABACα, HGABAC and XACML. The alternate technique for expressing policies is by enumeration. Policy Machine (PM) and 2-sorted-RBAC fall into the later category. In this paper, we present an ABAC model named LaBAC (Label-Based Access Control) which adopts the enumerated style for expressing authorization policies. LaBAC can be viewed as a particularly simple instance of the Policy Machine. LaBAC uses one user attribute (uLabel) and one object attribute (oLabel). An authorization policy in LaBAC for an action is an enumeration using these two attributes. Thus, LaBAC can be considered as a bare minimum ABAC model. We show equivalence of LaBAC and 2-sorted-RBAC with respect to theoretical expressive power. Furthermore, we show how to configure the traditional RBAC (Role-Based Access Control) and LBAC (Lattice-Based Access Control) models in LaBAC to illustrate its expressiveness.

(Biswas et al., 2016, p. 1)

Links

Citation

Biswas, P., Sandhu, R., Krishnan, R., 2016. Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy, in: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control - ABAC ’16. Presented at the the 2016 ACM International Workshop, ACM Press, New Orleans, Louisiana, USA, pp. 1–12. https://doi.org/10/gh2xpj

 


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.