Function-Based Access Control (FBAC): From Access Control Matrix to Access Control Tensor

  • Yvo Desmedt, Arash Shaghaghi
  • Published 15 September 2016
  • Computer Science
  • Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats
The misuse of legitimate access to data is a serious information security concern for both organizations and individuals. From a security engineering viewpoint, this might be due to the failure of access control. Inspired by Functional Encryption, we introduce Function-Based Access Control (FBAC). From an abstract viewpoint, we suggest storing access authorizations as a three-dimensional tensor, or an Access Control Tensor (ACT) rather than the two-dimensional Access Control Matrix (ACM). In… 

Towards Policy Enforcement Point as a Service (PEPS)

The Software-Defined Network (SDN) architecture is used to introduce a common network-level enforcement point that is made available to a range of access control systems, enabling the provision of innovative inter-layer and inter-domain access control.

Gargoyle: A Network-based Insider Attack Resilient Framework for Organizations

Gargoyle, a network-based insider attack resilient framework against the most complex insider threats within a pervasive computing context, is proposed; it evaluates the trustworthiness of an access request context through a new set of contextual attributes called Network Context Attribute (NCA).

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions

This paper identifies challenges faced in securing the data plane of SDN, one of the least explored but most critical components of this technology; it formalizes this problem space, identifies potential attack scenarios while highlighting possible vulnerabilities, and establishes a set of requirements and challenges to protect the data plane of SDNs.

Insight Into Insiders and IT

A structural taxonomy of insider threat incidents, based on existing taxonomies and the 5W1H questions of the information gathering problem, is presented, and knowledge in insider threat research is systematized using an existing grounded theory method for rigorous literature review.

PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution

In the upcoming evolution of the Internet of Things, it is anticipated that billions of devices will be connected to the Internet and this pervasive large-scale data collection, storage, sharing, and analysis raise many privacy concerns.



RABAC: Role-Centric Attribute-Based Access Control

The novel role-centric attribute-based access control (RABAC) model is proposed, which extends the NIST RBAC model with permission filtering policies and defines an XACML profile for RABAC based on the existing XACML profile for RBAC.

Role-based access control and the access control matrix

A model of RBAC based on the Access Matrix is presented which makes the relationships between the two explicit and in the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed.

Task-role-based access control model

The UCONABC usage control model

This paper introduces the family of UCONABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C), and addresses the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work.

A fine-grained access control system for XML documents

This work presents an access control model to protect information distributed on the Web that, by exploiting XML's own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of the documents.

Access control: principle and practice

The access matrix model is reviewed and different approaches to implementing the access matrix in practical systems are described, followed by a discussion of access control policies commonly found in current systems and a brief consideration of access control administration.

A generalized temporal role-based access control model

This work proposes a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints and allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments.

Relationship-based access control: protection model and policy language

This work formulates an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system.