Abstract : Relationship-based access control (ReBAC) has been adopted as themost prominent approach for access control in online social networks (OSNs), where authorization policies are typically specified in terms of relationships of certain types and/or depth between the access requester and the target. However, using relationships alone is often not sufficient to enforce various security and privacy requirements that meet the expectation fromtoday’sOSN users. In thiswork, we integrate attribute-based policies into relationship-based access control. The proposed attribute-aware Re- BAC enhances access control capability and allows finer-grained controls that are not available in ReBAC. The policy specification language for the user-to-user relationship-based access control (UURAC) model proposed in [6] is extended to enable such attribute-aware access control. We also present an enhanced path-checking algorithm to determine the existence of the required attributes and relationships in order to grant access.
https://hal.inria.fr/hal-01284863 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Tuesday, March 8, 2016 - 11:09:52 AM Last modification on : Monday, May 9, 2016 - 5:58:23 PM Long-term archiving on: : Sunday, November 13, 2016 - 10:26:58 AM
Yuan Cheng, Jaehong Park, Ravi Sandhu. Attribute-Aware Relationship-Based Access Control for Online Social Networks. 28th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2014, Vienna, Austria. pp.292-306, ⟨10.1007/978-3-662-43936-4_19⟩. ⟨hal-01284863⟩