Abstract : Recently, there has been considerable interest in attribute based access control (ABAC) to overcome the limitations of the dominant access control models (i.e, discretionary-DAC, mandatory-MAC and role based-RBAC) while unifying their advantages. Although some proposals for ABAC have been published, and even implemented and standardized, there is no consensus on precisely what is meant by ABAC or the required features of ABAC. There is no widely accepted ABAC model as there are for DAC, MAC and RBAC. This paper takes a step towards this end by constructing an ABAC model that has “just sufficient” features to be “easily and naturally” configured to do DAC, MAC and RBAC. For this purpose we understand DAC to mean owner-controlled access control lists, MAC to mean lattice-based access control with tranquility and RBAC to mean flat and hierarchical RBAC. Our central contribution is to take a first cut at establishing formal connections between the three successful classical models and desired ABAC models.
Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.41-55, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_4〉
https://hal.inria.fr/hal-01534757
Contributeur : Hal Ifip
<>
Soumis le : jeudi 8 juin 2017 - 11:06:20
Dernière modification le : jeudi 8 juin 2017 - 11:09:28
Document(s) archivé(s) le : samedi 9 septembre 2017 - 12:23:32
Xin Jin, Ram Krishnan, Ravi Sandhu. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.41-55, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_4〉. 〈hal-01534757〉
