Abstract
Several attribute-based access control (ABAC) models have been recently proposed to provide finer-grained authorization and to address the shortcomings of existing models. In particular, Servos et al. [33] presented a hierarchical group and attribute based access control (HGABAC) model which introduces a novel approach of attribute inheritance through user and object groups. For authorization purposes the effect of attribute inheritance from groups can be equivalently realized by direct attribute assignment to users and objects. Hence the practical benefit of HGABAC-like models is with respect to administration. In this paper we propose the first administration model for HGABAC called \(\mathrm {GURA_G}\). \(\mathrm {GURA_G}\) consists of three sub-models: UAA for user attribute assignment, UGAA for user-group attribute assignment and UGA for user to user-group assignment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
Al-Kahtani, M.A., Sandhu, R.: A model for attribute-based user-role assignment. In: Proceedings of IEEE ACSAC, pp. 353–362 (2002)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Security and Privacy, pp. 321–334 (2007)
Chadwick, D.W., Otenko, A., Ball, E.: Role-based access control with X.509 attribute certificates. IEEE Internet Comput. 7(2), 62–69 (2003)
Crampton, J., Loizou, G.: Administrative scope: a foundation for role-based administrative models. ACM TISSEC 6(2), 201–231 (2003)
Emura, K., Miyaji, A., Nomura, A., Omote, K., Soshi, M.: A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 13–23. Springer, Heidelberg (2009)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM CCS, pp. 89–98 (2006)
Hsu, A.C., Ray, I.: Specification and enforcement of location-aware attribute-based access control for online social networks. In: Proceedings of ACM ABAC 2016, pp. 25–34 (2016)
Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to attribute based access control (ABAC) definition and considerations. NIST Special Publication 800–162 (2014)
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. IEEE Comput. 2, 85–88 (2015)
Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing systems. IEEE TPDS 22(7), 1214–1221 (2011)
Jha, S., Sural, S., Atluri, V., Vaidya, J.: Enforcing separation of duty in attribute based access control systems. In: Jajodia, S., et al. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 61–78. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26961-0_5
Jin, X., Krishnan, R., Sandhu, R.: A role-based administration model for attributes. In: Proceedings of ACM SRAS, pp. 7–12 (2012)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
Jin, X., Krishnan, R., Sandhu, R.: Reachability analysis for role-based administration of attributes. In: Proceedings of ACM DIM, pp. 73–84. ACM (2013)
Joshi, J.B., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE TKDE 17(1), 4–23 (2005)
Kandala, S., Sandhu, R., Bhamidipati, V.: An attribute based framework for risk-adaptive access control models. In: Proceedings of IEEE ARES, pp. 236–241, August 2011
Kounga, G., Mont, M.C., Bramhall, P.: Extending XACML access control architecture for allowing preference-based authorisation. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) TrustBus 2010. LNCS, vol. 6264, pp. 153–164. Springer, Heidelberg (2010)
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A flexible attribute based access control method for grid computing. J. Grid Comput. 7(2), 169–180 (2009)
Liang, K., Fang, L., Susilo, W., Wong, D.: A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security. In: Proceedings of IEEE INCoS, pp. 552–559 (2013)
Oh, S., Sandhu, R., Zhang, X.: An effective role administration model using organization structure. ACM TISSEC 9(2), 113–137 (2006)
Oppliger, R., Pernul, G., Strauss, C.: Using attribute certificates to implement role-based authorization and access controls. In: Sicherheit in Informationssystemen, pp. 169–184 (2000)
Park, J., Sandhu, R.: The UCON ABC usage control model. ACM TISSEC 7(1), 128–174 (2004)
Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84(7), 1144–1159 (2011)
Priebe, T., Dobmeier, W., Kamprath, N.: Supporting attribute-based access control with ontologies. In: Proceedings of IEEE ARES, p. 8 (2006)
Ruj, S., Nayak, A., Stojmenovic, I.: DACC: Distributed Access Control in Clouds. In: Proceedings of IEEE TrustCom, pp. 91–98 (2011)
Sandhu, R., Bhamidipati, V.: An Oracle implementation of the PRA97 model for permission-role assignment. In: Proceedings of ACM RBAC Workshop, pp. 13–21 (1998)
Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based administration of roles. ACM TISSEC 2(1), 105–135 (1999)
Sandhu, R.S., Bhamidipati, V.: The URA97 model for role-based user-role assignment. In: DBSec, pp. 262–275. Chapman & Hall, Ltd. (1998)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 2, 38–47 (1996)
Servos, D., Osborn, S.L.: HGABAC: towards a formal model of hierarchical attribute-based access control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 187–204. Springer, Heidelberg (2015)
Shen, H., Hong, F.: An attribute-based access control model for web services. In: Proceedings of IEEE PDCAT, pp. 74–79 (2006)
Squicciarini, A.C., Hintoglu, A.A., Bertino, E., Saygin, Y.: A privacy preserving assertion based policy language for federation systems. In: Proceedings of ACM SACMAT, pp. 51–60 (2007)
Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proceedings of ACM FMSE, pp. 45–55 (2004)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of IEEE ICWS (2005)
Acknowledgement
This research is partially supported by NSF Grants CNS-1111925 and CNS-1423481.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Gupta, M., Sandhu, R. (2016). The \(\mathrm {GURA_G}\) Administrative Model for User and Group Attribute Assignment. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science(), vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-46298-1_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46297-4
Online ISBN: 978-3-319-46298-1
eBook Packages: Computer ScienceComputer Science (R0)