DOI: 10.1145/3316615.3316667
research-article

Role-Based ABAC Model for Implementing Least Privileges

Published: 19 February 2019

Abstract

RBAC and ABAC are well-known access control models, valued for least privilege and dynamic behavior respectively. Each also has drawbacks: RBAC cannot provide dynamic behavior and flexibility, while ABAC cannot provide the tight security and ease of permission management that RBAC does. In this paper, a hybrid access control model is proposed and developed that combines the strengths of both models. The proposed model introduces the concept of roles between a user and the user's attributes, as well as between an object and the object's attributes, in the ABAC system. Because of the added roles, the proposed model decreases the administrator's load and brings the least-privilege concept to ABAC. The authors also implemented the proposed model and discuss it with respect to a case study.



    Published In

    ICSCA '19: Proceedings of the 2019 8th International Conference on Software and Computer Applications
    February 2019
    611 pages
    ISBN:9781450365734
    DOI:10.1145/3316615
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    In-Cooperation

    • University of New Brunswick: University of New Brunswick

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. ABAC
    2. Hybrid Access Control
    3. RBAC
    4. Role-based ABAC
    5. Tight Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Article Metrics

    • Downloads (last 12 months): 57
    • Downloads (last 6 weeks): 2
    Reflects downloads up to 01 Dec 2024

    Cited By
    • (2023) Provisioning trust-oriented role-based access control for maintaining data integrity in cloud. International Journal of System Assurance Engineering and Management 14:6 (2559-2578). DOI: 10.1007/s13198-023-02112-x. Online publication date: 9-Sep-2023
    • (2022) Secure Data Acces in Odoo System. 2022 8th International Conference on Optimization and Applications (ICOA) (1-5). DOI: 10.1109/ICOA55659.2022.9934479. Online publication date: 6-Oct-2022
    • (2022) Cx‐CP‐ABE. Security and Privacy 5:5. DOI: 10.1002/spy2.249. Online publication date: 9-Sep-2022
    • (2021) Service-Based Hybrid Access Control Technology with Priority Level for the Internet of Vehicles under the Cloud Architecture. Security and Communication Networks 2021. DOI: 10.1155/2021/4646087. Online publication date: 3-Dec-2021
    • (2021) A Secure Access Control Framework for Cloud Management. Mobile Networks and Applications 27:1 (404-416). DOI: 10.1007/s11036-021-01839-w. Online publication date: 10-Nov-2021
    • (2021) Permission Dispatching Mechanism Inside and Outside of the Warranty Period for Equipment Maintenance Service System. Human Centered Computing (84-90). DOI: 10.1007/978-3-030-70626-5_9. Online publication date: 12-Mar-2021
    • (2020) A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles. IEEE Access 8 (24196-24208). DOI: 10.1109/ACCESS.2020.2969715. Online publication date: 2020
    • (2019) Negative Authorization by Implementing Negative Attributes in Attribute-Based Access Control Model for Internet of Medical Things. 2019 15th International Conference on Semantics, Knowledge and Grids (SKG) (167-174). DOI: 10.1109/SKG49510.2019.00036. Online publication date: Sep-2019
