An Attribute-Based Access Matrix Model
Publication Type
Conference Proceeding Article
Publication Date
3-2005
Abstract
In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems.
Discipline
Information Security | Software Engineering
Research Areas
Information Security and Trust
Publication
Proceedings of the ACM Symposium on Applied Computing (SAC 2005), Santa Fe, New Mexico, March 13-17
First Page
359
Last Page
363
ISBN
9781581139648
Identifier
10.1145/1066677.1066760
Publisher
ACM
City or Country
Santa Fe, NM
Citation
ZHANG, Xinwen; LI, Yingjiu; and Nalla, Divya.
An Attribute-Based Access Matrix Model. (2005). Proceedings of the ACM Symposium on Applied Computing (SAC 2005), Santa Fe, New Mexico, March 13-17. 359-363.
Available at: https://ink.library.smu.edu.sg/sis_research/582
Additional URL
http://dx.doi.org/10.1145/1066677.1066760