Attribute-Based Access Control

@article{Hu2015AttributeBasedAC,
  title={Attribute-Based Access Control},
  author={Vincent C. Hu and D. Richard Kuhn and David F. Ferraiolo},
  journal={Computer},
  year={2015},
  volume={48},
  pages={85-88}
}
Attribute-based access control (ABAC) is a flexible approach that can implement AC policies limited only by the computational language and the richness of the available attributes, making it ideal for many distributed or rapidly changing environments. 

Figures and Tables from this paper

Implementing and Managing Policy Rules in Attribute Based Access Control

TLDR
Important considerations in ABAC deployment are summarized in this article, first introduced in the Guide to Attribute Based Access Control.

An Attribute Certificate Management System for Attribute-Based Access Control

TLDR
This paper focuses on attribute-based access control (ABAC) in distributed automation and control systems and adapts concepts of credential management for subjects and uses the same mechanism for both subject and object management.

Deconflicting Policies in Attribute-Based Access Control Systems

TLDR
This paper proposes a comprehensive framework that can support security administrators with tools to continuously analyze, detect and resolve any possible conflicts in ABAC systems.

A semantic-based access control mechanism for distributed systems

TLDR
This paper proposes a novel approach that incorporates semantic technologies in the Attribute-Based Access Control approach that allows for a highly expressive modeling of the context in which access decisions are made, by providing mechanisms to describe rich relationships among entities, which can evolve over time.

Fine Grained Attribute Based Access Control Model for Privacy Protection

TLDR
A lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained for enforcing attribute-based security policies stored in JSON documents.

An Attribute-Based Access Control Extension for OpenStack and Its Enforcement Utilizing the Policy Machine

TLDR
This paper proposes an ABAC extension with user attributes for the OpenStack Access Control (OSAC) model and demonstrates its enforcement utilizing the Policy Machine (PM) developed by the National Institute of Standards and Technology.

A semantic-based access control approach for systems of systems

TLDR
This paper proposes a novel approach that incorporates semantic technologies in the Attribute-Based Access Control approach, which allows for a highly expressive modeling of the context in which access decisions are made, by providing mechanisms to describe rich relationships among entities, which can evolve over time.

Towards a Fine-Grained Privacy-Enabled Attribute-Based Access Control Mechanism

TLDR
A lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained in the ABAC model.

Attribute‐based access control management for multicloud collaboration

TLDR
This work proposes 2 approaches for intercloud rule formation in ABAC, and shows the advantage of developing deny rules along with positive authorizations in reducing the total number of rules, and hence, the response time for evaluating access requests.

Toward attribute-based access control policy in industrial networked systems

TLDR
An alternative model is proposed, built on the ideas of the Attribute Based Access Control model, showing how it can be leveraged to easily define complex access control policies in Industrial Networked Systems.
...

References

SHOWING 1-5 OF 5 REFERENCES

Adding Attributes to Role-Based Access Control

Merging the best features of RBAC and attribute-based systems can provide effective access control for distributed and rapidly changing applications.

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

TLDR
This document provides Federal agencies with a definition of attribute based access control (ABAC) and considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.

Assessment of Access Control Systems, NIST Interagency Report 7316

  • Nat’l Institute of Standards and Technology,
  • 2006

Leveraging Today's Megatrends to Drive the Future of Identity Management

  • Gartner Identity and Access Management (IAM) Summit
  • 2012

Assessment of Access Control Systems, NIST Interagency Report 7316, Nat'l Institute of Standards and Technology