Abstract
Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access control models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two models in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A content-based authorization model for digital libraries. IEEE Trans. Knowl. Data Eng. 14(2), 296–315 (2002)
Bertino, E., Moustafa A.H., Walid A.G., Elmagarmid, A.K.: An access control model for video database systems. In: International Conference on Information and Knowledge Management, pp. 336–343. ACM (2000)
Best Practices in Enterprise Authorization: The RBAC/ABAC Hybrid Approach (EmpowerID). http://blog.empowerid.com/Portals/174819/docs/EmpowerID-WhitePaper-RBAC-ABAC-Hybrid-Model.pdf
Covington, M.J., Long, W., Srinivasan, S., Dev, A.K., Ahamad, M., Abowd, G.D.: Securing context-aware applications using environment roles. In: Symposium on Access Control Models and Technologies, pp. 10–20. ACM (2001)
Chae, J.H., Shiri, N.: Formalization of RBAC policy with object class hierarchy. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 162–176. Springer, Heidelberg (2007)
Covington, M.J., Sastry, M.R.: A contextual attribute-based access control model. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4278, pp. 1996–2006. Springer, Heidelberg (2006)
Coyne, E., Weil, T.R.: ABAC and RBAC: scalable, flexible, and auditable access management. IT Prof. 15(3), 14–16 (2013)
Fischer, J., Marino, D., Majumdar, R., Millstein, T.: Fine-grained access control with object-sensitive roles. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 173–194. Springer, Heidelberg (2009)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)
Giuri, L., Iglio, P.: Role templates for content-based access control. In: Workshop on Role-Based Access Control, pp. 153–159. ACM (1997)
Ge, M., Osborn, S.L.: A design for parameterized roles. In: Farkas, C., Samarati, P. (eds.) Data, Application Security and Privacy Conference. IFIP, vol. 144, pp. 251–264. Springer, Heidelberg (2004)
Huang, J., Nicol, D.M., Bobba, R., Huh, J.H.: A framework integrating attribute-based policies into RBAC. In: Symposium on Access Control Models and Technologies, pp. 187–196. ACM (2012)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
Jin, X., Sandhu, R., Krishnan, R.: RABAC: role-centric attribute-based access control. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 84–96. Springer, Heidelberg (2012)
Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: 4th International Workshop on Policies for Distributed Systems and Networks. IEEE (2003)
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43, 79–81 (2010)
Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Symposium on Access Control Models and Technologies, pp. 113–122. ACM (2008)
Moyer, M.J., Abamad, M.: Generalized role-based access control. In: International Conference on Distributed Computing Systems, pp. 391–398. IEEE (2001)
O’Connor, A.C., Loomis, R.J.: Economic Analysis of Role-Based Access Control. NIST Report (2010)
Rajpoot, Q.M., Jensen, C.D., Krishnan, R.: Integrating attributes into role-based access control. In: Samarati, P. (ed.) DBSec 2015. LNCS, vol. 9149, pp. 242–249. Springer, Heidelberg (2015)
Ray, I., Toahchoodee, M.: A spatio-temporal role-based access control model. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 211–226. Springer, Heidelberg (2007)
Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from RBAC policies. In: 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT), pp. 1–6. IEEE (2013)
Yuan, E., Tong, J.: Attributed Based Access Control (ABAC) for Web Services. In: International Conference on Web Services. IEEE (2005)
Acknowledgments
The work of first two authors is supported by a grant from the Danish National Advanced Technology Foundation. The work of the third author is supported by a US National Science Foundation grant CNS-1423481.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Rajpoot, Q.M., Jensen, C.D., Krishnan, R. (2015). Attributes Enhanced Role-Based Access Control Model. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-22906-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer ScienceComputer Science (R0)