Skip to Main content Skip to Navigation
Conference papers

Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis

Abstract : Due to inherent delays and performance costs, the decision point in a distributed multi-authority Attribute-Based Access Control (ABAC) system is exposed to the risk of relying on outdated attribute values and policy; which is the safety and consistency problem. This paper formally characterizes three increasingly strong levels of consistency to restrict this exposure. Notably, we recognize the concept of refreshing attribute values rather than simply checking the revocation status, as in traditional approaches. Refresh replaces an older value with a newer one, while revoke simply invalidates the old value. Our lowest consistency level starts from the highest level in prior revocation-based work by Lee and Winslett (LW). Our two higher levels utilize the concept of request time which is absent in LW. For each of our levels we formally show that using refresh instead of revocation provides added safety and availability.
Document type :
Conference papers
Complete list of metadata

Cited literature [29 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Thursday, November 28, 2019 - 2:25:44 PM
Last modification on : Thursday, November 28, 2019 - 2:29:03 PM
Long-term archiving on: : Saturday, February 29, 2020 - 4:01:37 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01

Please log in to resquest access to the document


Distributed under a Creative Commons Attribution 4.0 International License



Mehrnoosh Shakarami, Ravi Sandhu. Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis. 33th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.301-313, ⟨10.1007/978-3-030-22479-0_16⟩. ⟨hal-02384596⟩



Record views