Abstract
Attribute Based Access Control is a widely used access control model, which regulates the access to the resources by evaluating security policies which contain a number of attributes related to the subject, the object and the environment distinguishing thus from a simple access control list or a role-based model. Although, the dynamicity of today’s environments requires security policies that consider a large set of attributes and conditions, making thus the policy writing an error-prone procedure. Existing policy editors are usually targeted to one particular framework and satisfy the needs of this application environment without providing the possibility of a more general use. In this paper we provide a comparison among the most known ABAC policy editors and their characteristics. Moreover, we propose an extension of one of those editors aiming at providing a more general and simple environment which supports the definition not only of attribute based access control policies, but also for Usage Control policies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
References
Amazon Web Services, I.: Amazon web services: Overview of security processes. https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf. Accessed 01 Jul 2019
Amazon Web Services, I.: Aws identity and access management: user guide. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html. Accessed 09 Jul 2019
Anderson, A., et al.: Extensible access control markup language (XACML) version 1.0. OASIS (2003)
Ardagna, C., De, S., Vimercati, C.: Comparison of modeling strategies in defining xml-based access control languages. In: Computer Systems Science and Engineering, vol. 19, no. 3. Citeseer (2004)
Batty, M.: Data about cities: redefining big, recasting small. In: Data and the City, pp. 31–43. Routledge (2017)
Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous usage control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Grids, P2P and Services Computing, pp. 133–146. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-6794-7_11
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)
Hortonworks: Providing authorization with apache ranger. https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/authorization-ranger/sec_authorization_ranger.pdf. Accessed 09 Jul 2019
Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800(162) (2013)
IDC: The digitization of the world: From edge to core. https://www.seagate.com/files/www-content/our-story/trends/files/idc-seagate-dataage-whitepaper.pdf. Accessed 10 Jul 2019
Khan, N., et al.: Big data: survey, technologies, opportunities, and challenges. Sci. World J. 2014 (2014)
Kitchin, R., McArdle, G.: What makes big data, big data? exploring the ontological characteristics of 26 datasets. Big Data Soc. 3(1), 2053951716631130 (2016)
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)
Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32287-7_7
LLC, I.T.: Security policy tool: user manual. https://securitypolicytool.com/Content/files/Security-policy-tool-user-manual.pdf. Accessed 09 Jul 2019
OASIS: Extensible access control markup language (XACML) version 3.0. 22 January 2013. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html. Accessed 09 Jul 2019
Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)
OASIS Standard: eXtensible access control markup language (XACML) version 2.0 (2005)
Zhang, Y., Patwa, F., Sandhu, R.: Community-based secure information and resource sharing in AWS public cloud. In: 2015 IEEE Conference on Collaboration and Internet computing (CIC), pp. 46–53. IEEE (2015)
Acknowledgements
This paper was partially supported by the EU H2020 funded project SPARTA, ga n. 830892.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Martinelli, F., Michailidou, C., Osliak, O., Rosetti, A., Marra, A.L., Dimitrakos, T. (2020). A Comparison Among Policy Editors for Attributed Based Access Control Model. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2020. Lecture Notes in Computer Science(), vol 12515. Springer, Cham. https://doi.org/10.1007/978-3-030-64455-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-64455-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64454-3
Online ISBN: 978-3-030-64455-0
eBook Packages: Computer ScienceComputer Science (R0)