
IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI pp 41–55Cite as

A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC


  • Xin Jin,
  • Ram Krishnan &
  • Ravi Sandhu

Part of the Lecture Notes in Computer Science book series (LNISA, volume 7371)

Abstract

Recently, there has been considerable interest in attribute-based access control (ABAC) to overcome the limitations of the dominant access control models (i.e., discretionary-DAC, mandatory-MAC and role-based-RBAC) while unifying their advantages. Although some proposals for ABAC have been published, and even implemented and standardized, there is no consensus on precisely what is meant by ABAC or the required features of ABAC. There is no widely accepted ABAC model as there are for DAC, MAC and RBAC. This paper takes a step towards this end by constructing an ABAC model that has “just sufficient” features to be “easily and naturally” configured to do DAC, MAC and RBAC. For this purpose we understand DAC to mean owner-controlled access control lists, MAC to mean lattice-based access control with tranquility and RBAC to mean flat and hierarchical RBAC. Our central contribution is to take a first cut at establishing formal connections between the three successful classical models and desired ABAC models.

Keywords

  • Attribute
  • XACML
  • DAC
  • MAC
  • RBAC
  • ABAC



Author information

Authors and Affiliations

  1. Department of Computer Science, Institute for Cyber Security, USA

    Xin Jin & Ravi Sandhu

  2. Dept. of Elect. and Computer Engg., Institute for Cyber Security, USA

    Ram Krishnan


Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Jin, X., Krishnan, R., Sandhu, R. (2012). A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_4

  • DOI: https://doi.org/10.1007/978-3-642-31540-4_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4

  • eBook Packages: Computer Science (R0)
