Current Research and Open Problems in Attribute-Based Access Control



  1. Current Research and Open Problems in Attribute-Based Access Control
     Daniel Servos, dservos5@uwo.ca, Department of Computer Science
     Topics Survey/Proposal
     Daniel Servos TSP: ABAC February 10th 1 / 31

  2. 1. Talk Outline
     1 Outline
     2 Background: Traditional Models; Attribute-Based Access Control
     3 Literature Review: Methodology & Taxonomy; Hybrid Models; Open Problems
     4 Research Proposal: Goals; Approach; Work to Date
     5 Conclusions

  3. 2. Background

  4. Traditional Models: Discretionary Access Control; Mandatory Access Control; Role-Based Access Control

  5. Traditional Models: DAC (Discretionary Access Control)
            O1          O2          ..   On
       S1   A[S1,O1]    A[S1,O2]    ..   A[S1,On]
       S2   A[S2,O1]    A[S2,O2]    ..   A[S2,On]
       ..   ..          ..          ..   ..
       Sn   A[Sn,O1]    A[Sn,O2]    ..   A[Sn,On]

  6. Traditional Models: MAC (Mandatory Access Control)
     [Figure: diagram with nodes labelled TS; S1, S2, S3; C1, C2; U]

  7. Traditional Models: RBAC (Role-Based Access Control)
     [Figure labels: Users; Roles; Permissions; User Assignment; Permission Assignment; Role Hierarchy]

  8. ABAC


  15. 3. Literature Review

  16. Methodology
      Inclusion Criteria:
        Refereed journal papers, conference papers and dissertations
        Found via queries relating to ABAC on Google Scholar and DBLP
      Exclusion Criteria:
        Non-refereed work
        Not in English
        Unavailable
        Date of publication
        Attribute-based encryption
        Near duplicates


  18. Methodology (inclusion and exclusion criteria repeated from slide 16)
      [Figure: ABAC Publications per Year; x-axis: Year, 1997 to 2014; y-axis: Number of Publications]

  19. Taxonomy of Current Research
      [Figure: taxonomy tree rooted at "Current ABAC Literature". Category labels: Applied Works and Implementations; ABAC Models; Systematization of Knowledge; Policy; Attributes. Further node labels: Storage and Sharing; Pure ABAC Models; Hybrid Models; XACML Based; SAML Based; Languages; Other; Mining and Engineering; Evaluation and Testing; Confidentiality; Confidentiality (Certificates); Attribute-Based Role Assignment; Attribute-Centric; Role-Centric; PRBAC; Unified Models; General; Domain Specific; Cloud Computing; Real-time Systems; Collaborative Environments; Mobile Environments; Grid Computing; Web Services; Other]

  20. Taxonomy of Current Research
      [Figure: ABAC Publications per Category, overlaid on the taxonomy tree of slide 19; x-axis: Category (Applied Works & Implementations; ABAC Models; Policy; Systematization of Knowledge; Attributes; Miscellaneous); y-axis: Number of Publications]


  22. Taxonomy of Current Research
      [Figure: the "ABAC Models" branch of the taxonomy tree. Node labels: Current ABAC Literature; ABAC Models; Pure ABAC Models; Hybrid Models; Attribute-Based Role Assignment; Attribute-Centric; Role-Centric; PRBAC; Unified Models; General; Domain Specific; Cloud Computing; Real-time Systems; Collaborative Environments; Mobile Environments; Grid Computing; Web Services; Other]

  23. Taxonomy of Current Research
      [Figure: ABAC Model Publications per Subcategory, overlaid on the "ABAC Models" branch of the taxonomy tree; x-axis: ABAC Model Subcategory (General; Domain Specific; Hybrid Models); y-axis: Number of Publications]

  24. General Models
      [Table: comparison of general ABAC models]
      Column header words: Object Attr.; User Attr.; Env. Attr.; Conn. Attr.; Delegation; Formal; Admin; Complete; Hierarchical; SoD; "Model" (three times)
      Rows (symbol cells in page order, then the row's text cell):
        A Logic-based Framework for ABAC: ✗ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗; Attributes
        ABAC α: ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓; Limited
        ABAM: ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓; Very limited
        Supporting Secure Collaborations with ABAC: ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓; Largely informal
        HGABAC: ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓; Objects & groups


  26. General Models: A Logic-based Framework for Attribute-based Access Control (L. Wang et al., 2004)
      One of the first “pure” and “general” ABAC models
      Focused on the representation, consistency and performance of attribute-based policies
      Introduces hierarchical attributes
      Missing object attributes
      Only formalizes policies and their evaluation

