Article

An attribute-based access matrix model

Authors:

Xinwen Zhang,

Yingjiu Li,

Divya NallaAuthors Info & Claims

SAC '05: Proceedings of the 2005 ACM symposium on Applied computing

Pages 359 - 363

https://doi.org/10.1145/1066677.1066760

Published: 13 March 2005 Publication History

Get Access

Abstract

In traditional access control models like MAC, DAC, and RBAC, authorization decisions are determined according to identities of subjects and objects, which are authenticated by a system completely. Modern access control practices, such as DRM, trust management, and usage control, require flexible authorization policies. In such systems, a subject may be only partially authenticated according to one or more attributes. In this paper we propose an attribute-based access matrix model, named ABAM, which extends the access matrix model. We show that ABAM enhances the expressive power of the access matrix model by supporting attribute-based authorizations. Specifically, ABAM is comprehensive enough to encompass traditional access control models as well as some usage control concepts and specifications. On the other side, expressive power and safety are two fundamental but conflictive objectives in an access control model. We study the safety property of ABAM and conclude that the safety problem is decidable for a restricted case where attribute relationships allow no cycles. The restricted case is shown to be reasonable enough to model practical systems.

References

[1]

M. A. Al-Kahtani and R. Sandhu. A model for attribute-based user-role assignment. In Annual Computer Security Applications Conference, 2002.

Digital Library

Google Scholar

[2]

M. H. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461--471, 1976.

Digital Library

Google Scholar

[3]

N. Li, W. H. Winsborough, and J. C. Mitchell. Design of a role-based trust management framework. In IEEE Symposium on Security and Privacy, pages 114--130, 2002.

Digital Library

Google Scholar

[4]

R. J. Lipton and L. Snyder. A linear time algorithm for deciding subject security. Journal of ACM, 24(3):455--464, 1977.

Digital Library

Google Scholar

[5]

J. Park and R. Sandhu. The uconabc usage control model. ACM Transactions on Information and Systems Security, 2004.

Digital Library

Google Scholar

[6]

R. S. Sandhu. The schematic protection model: Its definition and analysis for acyclic attenuating schemes. Journal of ACM, 35(2):404--432, 1988.

Digital Library

Google Scholar

[7]

R. S. Sandhu. The typed access matrix model. In IEEE Symposium on Security and Privacy, pages 122--136, 1992.

Digital Library

Google Scholar

[8]

M. Soshi. Safety analysis of the dynamic-typed access matrix model. In Proc. 6th European Symposium on Research in Computer Security, 2000.

Digital Library

Google Scholar

Cited By

View all

Lopriore L(2024)Hierarchical password capabilitiesInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2024.237631639:5(572-588)Online publication date: 9-Jul-2024
https://doi.org/10.1080/17445760.2024.2376316
Ma LLao QYang WYang ZYuan DBu Z(2024)Research on Authorization Model of Attribute Access Control Based on Knowledge GraphUbiquitous Security10.1007/978-981-97-1274-8_23(348-359)Online publication date: 13-Mar-2024
https://doi.org/10.1007/978-981-97-1274-8_23
Lopriore L(2023)Split consensus for object securityInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2023.222521738:5(327-341)Online publication date: 15-Jun-2023
https://doi.org/10.1080/17445760.2023.2225217
Show More Cited By

Index Terms

An attribute-based access matrix model
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of Attributes-based access control ABAC versus Role-based access control RBAC. However, existing arguments have been primarily focused ...
Security analysis for temporal role based access control

Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today's organizations for enforcing security. ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SAC '05: Proceedings of the 2005 ACM symposium on Applied computing

March 2005

1814 pages

ISBN:1581139640

DOI:10.1145/1066677

Conference Chair:
Hisham M. Haddad
Kennesaw State University
,
Editor:
Lorie M. Liebrock
New Mexico Institute of Mining and Technology, Socorro, NM
,
Program Chairs:
Andrea Omicini
Alma Mater Studiorum, Universita di Bologna, Italy
,
Roger L. Wainwright
Univerity of Tulsa, OK

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC05

Sponsor:

SIGAPP

SAC05: The 2005 ACM Symposium on Applied Computing

March 13 - 17, 2005

New Mexico, Santa Fe

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
746
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lopriore L(2024)Hierarchical password capabilitiesInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2024.237631639:5(572-588)Online publication date: 9-Jul-2024
https://doi.org/10.1080/17445760.2024.2376316
Ma LLao QYang WYang ZYuan DBu Z(2024)Research on Authorization Model of Attribute Access Control Based on Knowledge GraphUbiquitous Security10.1007/978-981-97-1274-8_23(348-359)Online publication date: 13-Mar-2024
https://doi.org/10.1007/978-981-97-1274-8_23
Lopriore L(2023)Split consensus for object securityInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2023.222521738:5(327-341)Online publication date: 15-Jun-2023
https://doi.org/10.1080/17445760.2023.2225217
Lopriore L(2022)Cryptographic pointers for fine-grained file access securityInformation Security Journal: A Global Perspective10.1080/19393555.2022.203336531:3(359-375)Online publication date: 28-Feb-2022
https://doi.org/10.1080/19393555.2022.2033365
Lopriore L(2022)A paradigm for secure object access and unrestricted mobility in distributed systemsInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2022.209538437:5(571-588)Online publication date: 7-Jul-2022
https://doi.org/10.1080/17445760.2022.2095384
Vijayalakshmi KJayalakshmi V(2022)A Study on Current Research and Challenges in Attribute-based Access Control ModelIntelligent Data Communication Technologies and Internet of Things10.1007/978-981-16-7610-9_2(17-31)Online publication date: 28-Feb-2022
https://doi.org/10.1007/978-981-16-7610-9_2
Martins HGuerreiro S(2021)Access Control Challenges in Enterprise EcosystemsResearch Anthology on Blockchain Technology in Business, Healthcare, Education, and Government10.4018/978-1-7998-5351-0.ch029(503-528)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-5351-0.ch029
Han DChen JZhang LShen YWang XGao Y(2020)Access control of blockchain based on dual-policy attribute-based encryption2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)10.1109/HPCC-SmartCity-DSS50907.2020.00200(1282-1290)Online publication date: Dec-2020
https://doi.org/10.1109/HPCC-SmartCity-DSS50907.2020.00200
El Sibai RGemayel NBou Abdo JDemerjian J(2020)A survey on access control mechanisms for cloud computingTransactions on Emerging Telecommunications Technologies10.1002/ett.372031:2Online publication date: 16-Feb-2020
https://dl.acm.org/doi/10.1002/ett.3720
Martins HGuerreiro S(2019)Access Control Challenges in Enterprise EcosystemsGlobal Cyber Security Labor Shortage and International Business Risk10.4018/978-1-5225-5927-6.ch004(51-76)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-5927-6.ch004
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Security analysis for temporal role based access control

An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security