An Administrative Model for Relationship-Based Access Control

@inproceedings{Stoller2015AnAM,
  title={An Administrative Model for Relationship-Based Access Control},
  author={Scott D. Stoller},
  booktitle={DBSec},
  year={2015}
}
  • S. Stoller
  • Published in DBSec 13 July 2015
  • Computer Science
Relationship-based access control (ReBAC) originated in the context of social network systems and recently is being generalized to be suitable for general computing systems. This paper defines a ReBAC model, based on Crampton and Sellwood’s RPPM model, designed to be suitable for general computing systems. Our ReBAC model includes a comprehensive administrative model. The administrative model is comprehensive in the sense that it allows and controls changes to all aspects of the ReBAC policy… 
Relationship‐based access control: More than a social network access control model
  • Jorge Lobo
  • Computer Science
    WIREs Data Mining Knowl. Discov.
  • 2019
TLDR
The aim of this paper is to present an overview of ReBAC from the point of view of the types of policies that have motivated the access control research community to develop different ReBAC systems.
RPPM : a relationship-based access control model utilising Relationships, Paths and Principal Matching
TLDR
This thesis presents the design of a relationship-based access control model, called RPPM, which is introduced with the intention of addressing the limitations of existing models, and to accommodate richer types of access control policy.
Generalized Mining of Relationship-Based Access Control Policies in Evolving Systems
TLDR
A systematic algorithm for mining ReBAC authorization policies, and a first of its kind approach to mine graph transition policies that govern the evolution of ReBAC systems are proposed.
Security Analysis of Relationship-Based Access Control Policies
TLDR
This paper introduces the security analysis problem for relationship-based access control policies, and proposes a state-transition model of a ReBAC protection system, called RePM, to answer security queries about future states of the system graph and authorizations that are decided accordingly.
ARPPM: Administration in the RPPM Model
TLDR
This work motivates this work with specific requirements for an administrative model and proposes a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges.
Object-to-Object Relationship-Based Access Control: Model and Multi-Cloud Demonstration (Invited Paper)
TLDR
A novel Object-to-Object ReBAC model (OOReBAC) which uses object relationships for controlling access to objects is proposed and a proof-of-concept implementation is built using the open source OpenStack cloud platform and specifically its Swift object storage service.
Extended ReBAC Administrative Models with Cascading Revocation and Provenance Support
TLDR
This paper addresses several issues that need to be considered in order to properly execute operation effects, such as cascading revocation and integrity constraints on the relationship graph, and shows that the administrative models can provide the administration capability of the MT-RBAC model originally designed for multi-tenant collaborative cloud systems.
A Survey on Access Control Mechanisms in E-commerce Environments
TLDR
The importance for every business that uses information systems to incorporate access control mechanisms in its production line is stressed, and the current AC approaches along with its several variants and the corresponding solution strategies are analyzed.
Classifying and Comparing Attribute-Based and Relationship-Based Access Control
TLDR
A comparative analysis of ABAC and ReBAC is presented, and it is shown how various ReBAC features can be realized with different types of ABAC, and how these two model families are compared in terms of relative expressiveness and performance implications.
Towards a Theory for Semantics and Expressiveness Analysis of Rule-Based Access Control Models
TLDR
This paper proposes a novel theory for capturing the semantics of rule-based policies depending on their support of different constructs such as flexibility of conditional expressions, rule modalities, and conflict resolution, and shows the well-formedness properties of such semantics and how they can be used to analyze the expressive power of a number of rule-based models.

References

Relationship-based access control: protection model and policy language
TLDR
This work formulates an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system.
Enforcing access control in Web-based social networks
In this article, we propose an access control mechanism for Web-based social networks, which adopts a rule-based approach for specifying access policies on the resources owned by network
Path conditions and principal matching: a new approach to access control
TLDR
A formal access control model that makes use of ideas from relationship-based access control and a two-stage method for evaluating policies is developed, which defines semantics for path conditions, which is used to develop a rigorous method for evaluating policies.
A User-to-User Relationship-Based Access Control Model for Online Social Networks
TLDR
A novel user-to-user relationship-based access control (UURAC) model for OSN systems that utilizes regular expression notation for such policy specification is proposed and developed.
Administration in role-based access control
TLDR
UARBAC is a new family of administrative models for RBAC that has significant advantages over existing models and is motivated by three principles for designing security mechanisms: flexibility and scalability, psychological acceptability, and economy of mechanism.
Relationship-based access control policies and their policy languages
TLDR
This work argues that the extensive use of what it calls Relational Policies is what distinguishes ReBAC from traditional access control models, and shows that Fong's policy language is representationally incomplete in that certain previously studied Relational Policies are not expressible in the language.
Multiparty Access Control for Online Social Networks: Model and Mechanisms
TLDR
This work forms an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism and presents a logical representation of the model that allows for the features of existing logic solvers to perform various analysis tasks on the model.
A Privacy Preservation Model for Facebook-Style Social Network Systems
TLDR
This work delineates the design space of privacy preservation mechanisms for Facebook-style social network systems, and lays out a formal framework for policy analysis in these systems.
Abductive Analysis of Administrative Policies in Rule-Based Access Control
TLDR
A rule-based access control policy language, a rule-based administrative policy model that controls addition and removal of facts and rules, and an abductive analysis algorithm for user-permission reachability are presented.
Caching and Auditing in the RPPM Model
TLDR
The RPPM model can be extended to provide support for caching of authorization decisions and enforcement of separation of duty policies, and it is shown that these extensions are natural and powerful.