Abstract
In information systems where there are a large number of different resources and the resource attributes change frequently, the security, reliability and dynamics of access permissions should be guaranteed. The changing raises security concerns related to authorization, and access control, but existing access control models are difficult to meet practical requirements. In this paper, a resource and attribute based access control model named RA-BAC was proposed. The model bases on attribute-based access control (ABAC) and links access control policy with resource, and redefines the access control rules. Besides, we compare RA-BAC and ABAC from the perspective of theory and simulation experiment respectively to show the advantage of RA-BAC model. We give a detailed analysis combining with instances to show the practicability of the RA-BAC model. RA-BAC solves the problems of policy conflict and policy library expansion in the ABAC model when there are too many resources and the attributes of resources are changed frequently in the system. Using RA-BAC model in system can makes permission query efficient and reduce workload of the system administrator of managing the policy library.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aftab, M.U., Habib, M.A., Mehmood, N., Aslam, M., Irfan, M.: Attributed role based access control model. In: Information Assurance and Cyber Security, pp. 83–89 (2016)
Covington, M.J., Sastry, M.R.: A contextual attribute-based access control model. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4278, pp. 1996–2006. Springer, Heidelberg (2006). https://doi.org/10.1007/11915072_108
Fatema, K., Chadwick, D.W., Van Alsenoy, B.: Extracting access control and conflict resolution policies from European data protection law. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IAICT, vol. 375, pp. 59–72. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31668-5_5
Hein, P., Biswas, D., Martucci, L.A., Muhlhauser, M.: Conflict detection and lifecycle management for access control in publish/subscribe systems. In: IEEE International Symposium on High-Assurance Systems Engineering, pp. 104–111 (2011)
Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations. ITLB (2014)
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., Voas, J.: Attribute-based access control. Computer 48(2), 85–88 (2015)
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)
Ouldslimane, H., Bande, M., Boucheneb, H.: WiseShare: a collaborative environment for knowledge sharing governed by abac policies. In: International Conference on Collaborative Computing: Networking, Applications and Worksharing, pp. 21–29 (2012)
Riad, K., Yan, Z., Hu, H., Ahn, G.J.: AR-ABAC: a new attribute based access control model supporting attribute-rules for cloud computing. In: IEEE Conference on Collaboration and Internet Computing, pp. 28–35 (2015)
Shu, C., Yang, E.Y., Arenas, A.E.: Detecting conflicts in abac policies with rule reduction and binary-search techniques. In: IEEE International Symposium on Policies for Distributed Systems and Networks, pp. 182–185 (2009)
Singhal, A., Winograd, T., Scarfone, K.: Guide to secure web services. NIST Spec. Publ. 800(95), 4 (2007)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services, pp. 561–569 (2005)
Zhong, J., Hou, S.J.: Attribute-based universal access control framework in open network environment. J. Comput. Appl. 30(10), 2632–2631 (2010)
Acknowledgments
This work is supported by the National Natural Science Foundation (NNSF) of China (Grant No. 61572385).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
There is no conflict of interest regarding the publication of this paper.
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, G., Fang, L., Wang, Q., Qi, X., Cui, J., Liu, J. (2019). Resource and Attribute Based Access Control Model for System with Huge Amounts of Resources. In: Li, S. (eds) Green, Pervasive, and Cloud Computing. GPC 2018. Lecture Notes in Computer Science(), vol 11204. Springer, Cham. https://doi.org/10.1007/978-3-030-15093-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-15093-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15092-1
Online ISBN: 978-3-030-15093-8
eBook Packages: Computer ScienceComputer Science (R0)