Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control 2017
DOI: 10.1145/3041048.3041053
|View full text |Cite
|
Sign up to set email alerts
|

ABAC with Group Attributes and Attribute Hierarchies Utilizing the Policy Machine

Abstract: Attribute-Based Access Control (ABAC) has received significant attention in recent years, although the concept has been around for over two decades now. Many ABAC models, with different variations, have been proposed and formalized. Besides basic ABAC models, there are models designed with additional capabilities such as group attributes, group and attribute hierarchies and so on. Hierarchical relationship among groups and attributes enhances access control flexibility and facilitates attribute management and … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
8
0

Year Published

2018
2018
2024
2024

Publication Types

Select...
3
3
2
1

Relationship

0
9

Authors

Journals

citations
Cited by 30 publications
(9 citation statements)
references
References 26 publications
0
8
0
Order By: Relevance
“…[49,53,51]), specific details of actual technical measures are often missing. For ABAC, implementation guidelines with a deep level of technical context already exist [56,57]. We argue that for successful adoption, combining both worlds is required.…”
Section: Definition Of Comparison Criteriamentioning
confidence: 99%
“…[49,53,51]), specific details of actual technical measures are often missing. For ABAC, implementation guidelines with a deep level of technical context already exist [56,57]. We argue that for successful adoption, combining both worlds is required.…”
Section: Definition Of Comparison Criteriamentioning
confidence: 99%
“…The specific attribute value "Person" may be sufficient for accessing data for a public information request but insufficient for access to a sensitive system since the metadata "Level Clearance" is self-reported and not drawn from an authoritative source. To enhance access control flexibility and facilitate attribute management and administration, hierarchical relationships among groups and attributes are usually applied, such that instead of assigning each user/object with the same attributes, the users/objects can be collected into groups with appropriate group metadata and values (i.e., meta-attribute) [12] which represent the common characteristics of the users/objects in the system. Group metadata can also be combined into a higher order group if a group of metadata possesses the same characteristics.…”
Section: Group Attribute Use Metadatamentioning
confidence: 99%
“…The specific attribute value "Person" may be sufficient for accessing data for a public information request but insufficient for access to a sensitive system since the metadata "Clearance Level" is self-reported and not drawn from an authoritative source. To enhance access control flexibility and facilitate attribute management and administration, hierarchical relationships among groups and attributes are usually applied, such that instead of assigning each subject/object with the same attributes, the subjects/objects can be collected into groups with appropriate group metadata and values (i.e., meta-attribute) [13] which represent the common characteristics of the subjects/objects in the system. Group metadata can also be combined into a higher order group if a group of metadata possesses the same characteristics.…”
Section: Group Attribute Use Metadatamentioning
confidence: 99%