An Attribute-Based Access Matrix Mode
Conference Proceeding Article
In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems.
Information Security | Software Engineering
Information Security and Trust
Proceedings of the ACM Symposium on Applied Computing (SAC 2005), Sante Fe, New Mexico, March 13-17
City or Country
Santa Fe, NM
ZHANG, Xinwen; LI, Yingjiu; and Nalla, Divya.
An Attribute-Based Access Matrix Mode. (2005). Proceedings of the ACM Symposium on Applied Computing (SAC 2005), Sante Fe, New Mexico, March 13-17. 359-363. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/582