A framework integrating attribute-based policies into role-based access control

Jingwei Huang, David Malcolm Nicol, Rakesh Bobba, Jun Ho Huh

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Integrated role-based access control (RBAC) and attribute-based access control (ABAC) is emerging as a promising paradigm. This paper proposes a framework that uses attribute-based policies to create a more traditional RBAC model. RBAC has been widely used, but has weaknesses: it is labor-intensive and time-consuming to build a model instance, and a pure RBAC system lacks flexibility to efficiently adapt to changing users, objects, and security policies. Particularly, it is impractical to manually make (and maintain) user-to-role assignments and role-to-permission assignments in industrial contexts characterized by a large number of users and/or security objects. ABAC has features complementary to RBAC, and merging RBAC and ABAC has become an important research topic. This paper proposes a new approach to integrating ABAC with RBAC, by modeling RBAC in two levels. The aboveground level is a standard RBAC model extended with "environment". This level retains the simplicity of RBAC, supporting RBAC model verification/review. The "underground" level is used to represent security knowledge in terms of attribute-based policies, which automatically create the simple RBAC model in the aboveground level. These attribute-based policies bring to RBAC the advantages of ABAC: they are easy to build and easy to adapt to changes. Using this framework, we tackle the problem of permission assignment for large-scale applications. This model is motivated by the characteristics and requirements of industrial control systems, and reflects in part certain approaches and practices common in the industry.

Original language: English (US)
Title of host publication: SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages: 187-196
Number of pages: 10
State: Published - Jul 25 2012
Event: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12 - Newark, NJ, United States
Duration: Jun 20 2012 to Jun 22 2012

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Country: United States
City: Newark, NJ
Period: 6/20/12 to 6/22/12

Keywords

  • Attribute-based access control
  • Industrial control systems
  • RBAC
  • Role engineering

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
