current research and open problems in attribute based
play

Current Research and Open Problems in Attribute-Based Access Control - PowerPoint PPT Presentation

Nov 08, 2023 •324 likes •1.23k views

Current Research and Open Problems in Attribute-Based Access Control Daniel Servos dservos5@uwo.ca Department of Computer Science Topics Survey/Proposal Daniel Servos TSP: ABAC February 10th 1 / 31 1. Talk Outline Outline 1 Background

  1. Current Research and Open Problems in Attribute-Based Access Control Daniel Servos dservos5@uwo.ca Department of Computer Science Topics Survey/Proposal Daniel Servos TSP: ABAC February 10th 1 / 31

  2. 1. Talk Outline Outline 1 Background 2 Traditional Models Attribute-Based Access Control Literature Review 3 Methodology & Taxonomy Hybrid Models Open Problems Research Proposal 4 Goals Approach Work to Date Conclusions 5 Daniel Servos TSP: ABAC February 10th 2 / 31

  3. 2. Background Outline 1 Background 2 Traditional Models Attribute-Based Access Control Literature Review 3 Methodology & Taxonomy Hybrid Models Open Problems Research Proposal 4 Goals Approach Work to Date Conclusions 5 Daniel Servos TSP: ABAC February 10th 3 / 31

  4. Traditional Models Discretionary Access Control Mandatory Access Control Role-Based Access Control Daniel Servos TSP: ABAC February 10th 4 / 31

  5. Traditional Models DAC Discretionary Access Control O 1 O 2 .. O n S 1 A [ S 1 , O 1 ] A [ S 1 , O 2 ] .. A [ S 1 , O n ] Mandatory Access Control S 2 A [ S 2 , O 1 ] A [ S 2 , O 2 ] .. A [ S 2 , O n ] .. .. .. .. .. Role-Based Access Control S n A [ S n , O 1 ] A [ S n , O 2 ] .. A [ S n , O n ] Daniel Servos TSP: ABAC February 10th 4 / 31

  6. Traditional Models MAC Discretionary Access Control TS Mandatory Access Control S 1 S 2 S 3 Role-Based Access Control C 1 C 2 U Daniel Servos TSP: ABAC February 10th 4 / 31

  7. Traditional Models RBAC Discretionary Access Control Role Hierarchy Mandatory Access Control User Permission Assignment Assignment Users Roles Permissions Role-Based Access Control Daniel Servos TSP: ABAC February 10th 4 / 31

  8. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  9. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  10. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  11. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  12. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  13. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  14. ABAC Daniel Servos TSP: ABAC February 10th 5 / 31

  15. 3. Literature Review Outline 1 Background 2 Traditional Models Attribute-Based Access Control Literature Review 3 Methodology & Taxonomy Hybrid Models Open Problems Research Proposal 4 Goals Approach Work to Date Conclusions 5 Daniel Servos TSP: ABAC February 10th 6 / 31

  16. Methodology Inclusion Criteria: Refereed journal papers, conference papers and dissertations Found via using queries relating to ABAC on Google Scholar and DBLP Exclusion Criteria: Non-refereed work Not in English Unavailable Date of publication Attribute-based encryption Near duplicates Daniel Servos TSP: ABAC February 10th 7 / 31

  17. Methodology Inclusion Criteria: Refereed journal papers, conference papers and dissertations Found via using queries relating to ABAC on Google Scholar and DBLP Exclusion Criteria: Non-refereed work Not in English Unavailable Date of publication Attribute-based encryption Near duplicates Daniel Servos TSP: ABAC February 10th 7 / 31

  18. Methodology Inclusion Criteria: Refereed journal papers, conference papers and dissertations ABAC Publications per Year Found via using queries relating to ABAC on Google Scholar and 30 DBLP Number of Publications 25 Exclusion Criteria: 20 Non-refereed work Not in English 15 Unavailable 10 Date of publication 5 Attribute-based encryption Near duplicates 0 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Year Daniel Servos TSP: ABAC February 10th 7 / 31

  19. Taxonomy of Current Research Current ABAC Literature Systematization Applied Works and ABAC of Knowledge Policy Attributes Implementations Models Storage Pure ABAC Hybrid XACML SAML Mining and Evaluation Confiden Confidentiality and Sharing Models Languages Other Models Based Based Engineering and Testing tiality (Certificates) Attribute-Based Attribute- Unified Domain General PRBAC Role-Centric Role Assignment Centric Models Specific Cloud Real-time Collaborative Mobile Grid Web Other Computing Systems Environments Environments Computing Services Daniel Servos TSP: ABAC February 10th 8 / 31

  20. Taxonomy of Current Research ABAC Publications per Category Current ABAC Literature Number of Publications 60 Systematization 50 Applied Works and ABAC of Knowledge Policy Attributes Implementations Models 40 30 Storage Pure ABAC Hybrid XACML SAML Mining and Evaluation Confiden Confidentiality and Sharing Models Languages Other 20 Models Based Based Engineering and Testing tiality (Certificates) 10 0 Attribute-Based Attribute- Unified Domain General PRBAC Role-Centric Role Assignment Centric Models Specific Applied Works & ABAC Models Policy Systematization Attributes Miscellaneous Implementations of Knowledge Cloud Real-time Collaborative Mobile Grid Web Other Computing Systems Environments Environments Computing Services Category Daniel Servos TSP: ABAC February 10th 8 / 31

  21. Taxonomy of Current Research Current ABAC Literature Systematization Applied Works and ABAC of Knowledge Policy Attributes Implementations Models Storage Pure ABAC Hybrid XACML SAML Mining and Evaluation Confiden Confidentiality and Sharing Models Languages Other Models Based Based Engineering and Testing tiality (Certificates) Attribute-Based Attribute- Unified Domain General PRBAC Role-Centric Role Assignment Centric Models Specific Cloud Real-time Collaborative Mobile Grid Web Other Computing Systems Environments Environments Computing Services Daniel Servos TSP: ABAC February 10th 8 / 31

  22. Taxonomy of Current Research Current ABAC Literature ABAC Models Pure ABAC Hybrid Models Models Attribute-Based Attribute- Unified Domain General PRBAC Role-Centric Role Assignment Centric Models Specific Cloud Real-time Collaborative Mobile Grid Web Other Computing Systems Environments Environments Computing Services Daniel Servos TSP: ABAC February 10th 8 / 31

  23. Taxonomy of Current Research Current ABAC ABAC Model Publications per Subcategory Literature Number of Publications 25 ABAC Models 20 15 Pure ABAC Hybrid Models Models 10 5 Attribute-Based Attribute- Unified Domain General 0 PRBAC Role-Centric Role Assignment Centric Models Specific General Domain Specific Hybrid Models Cloud Real-time Collaborative Mobile Grid Web Other Computing Systems Environments Environments Computing Services ABAC Model Subcategory Daniel Servos TSP: ABAC February 10th 8 / 31

  24. General Models Object User Env. Conn. Delegation Formal Admin Complete Hierarchical SoD Attr. Attr. Attr. Attr. Model Model Model A Logic-based ✗ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗ Framework for Attributes ABAC ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAC α Limited Very ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAM limited Supporting Secure Collab- Largely ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ orations with informal ABAC Objects & ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓ HGABAC groups Daniel Servos TSP: ABAC February 10th 9 / 31

  25. General Models Object User Env. Conn. Delegation Formal Admin Complete Hierarchical SoD Attr. Attr. Attr. Attr. Model Model Model A Logic-based ✗ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗ Framework for Attributes ABAC ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAC α Limited Very ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAM limited Supporting Secure Collab- Largely ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ orations with informal ABAC Objects & ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓ HGABAC groups Daniel Servos TSP: ABAC February 10th 9 / 31

  26. General Models Object User Env. Conn. Delegation Formal Admin Complete Hierarchical SoD Attr. Attr. Attr. Attr. Model Model Model A Logic-based ✗ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗ Framework for Attributes ABAC A Logic-based Framework for Attribute-based Access Control ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAC α Limited L. Wang et al., 2004 Very ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAM One of the first “pure” and “general” ABAC models limited Supporting Focused on the representation, consistency and performance Secure Collab- Largely ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ of attribute-based policies orations with informal ABAC Introduces hierarchical attributes Objects & ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓ HGABAC groups Missing object attributes Only formalizes policies and their evaluation Daniel Servos TSP: ABAC February 10th 9 / 31

  27. General Models Object User Env. Conn. Delegation Formal Admin Complete Hierarchical SoD Attr. Attr. Attr. Attr. Model Model Model A Logic-based ✗ ✓ ✗ ✗ ✗ ✗ ✓ ✗ ✗ Framework for Attributes ABAC ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAC α Limited Very ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ ✓ ABAM limited Supporting Secure Collab- Largely ✓ ✓ ✓ ✗ ✗ ✗ ✗ ✗ ✓ orations with informal ABAC Objects & ✓ ✓ ✓ ✓ ✗ ✗ ✓ ✗ ✓ HGABAC groups Daniel Servos TSP: ABAC February 10th 9 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Data Science Techniques for Law and Justice Current State of Research and Open Problems Alexandre

Data Science Techniques for Law and Justice Current State of Research and Open Problems Alexandre

September 14, 2017 1 : IBM Analytics, Cracow Software Lab 2 : Faculty of Computing, Poznan University of Technology Data Science Techniques for Law and Justice Current State of Research and Open Problems Alexandre Quemy 1 , 2 Litterature Review

607 views • 25 slides
Current Research in NLP Mausam Plan (first 25%) Classical papers/problems in IE NELL,

Current Research in NLP Mausam Plan (first 25%) Classical papers/problems in IE NELL,

Current Research in NLP Mausam Plan (first 25%) Classical papers/problems in IE NELL, Open IE, event extraction Important techniques for IE distant supervision, joint inference Plan (from then on: in flux) Machine learning

489 views • 10 slides
Integrating Automata Theory and Process Theory (status and open problems) Bas Luttik (based on

Integrating Automata Theory and Process Theory (status and open problems) Bas Luttik (based on

Integrating Automata Theory and Process Theory (status and open problems) Bas Luttik (based on joint work with Jos Baeten, Paul van Tilburg and Fei Yang) Open Problems in Concurrency Theory Bertinoro, 19 June 2014 Automata Theory (classical

232 views • 20 slides
Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to transplat open mHealth to NDN network. The goal is to design a physical activity data ecosystem. Following is the data conceptual block diagram of

466 views • 19 slides
Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

511 views • 34 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS,

Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS,

Introduction The General Setting A menagerie of open problems Call to arms Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS, School of Computer Science, Reykjavik University Open Problems in

713 views • 35 slides
Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work

Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work

Nicole Will De Delft University of Technol ology ogy Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work is licensed CC-BY 4.0. Please attribute TU Delft Submitting to a subscription-based

298 views • 10 slides
Content- -based Recommender Systems based Recommender Systems Content problems, challenges

Content- -based Recommender Systems based Recommender Systems Content problems, challenges

S emantic W eb A ccess and P ersonalization research group http://www.di.uniba.it/~swap Content- -based Recommender Systems based Recommender Systems Content problems, challenges problems, challenges and research directions and research

1.08k views • 89 slides
Context-based security State of the art, open research topics and a case study Stephan Sigg The

Context-based security State of the art, open research topics and a case study Stephan Sigg The

Information Systems Architecture Science Research Division National Institute of Informatics Context-based security State of the art, open research

627 views • 24 slides
Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK

Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK

Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK Lennart Kats , TU Delft ( me ) Tony Sloane, Macquarie Eelco Visser, TU Delft March 19, 2009 Software Engineering Research Group Context

314 views • 29 slides
Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria,

Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria,

Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria, team-project SECRET April 9, 2018 introduction 1. Code based cryptography Difficult problem in coding theory Problem 1. [Decoding] Input: n, r,

800 views • 53 slides
0 A.D: Graphics Graphics problems and opportunities of open-source game Vladislav Belov 0 A.D:

0 A.D: Graphics Graphics problems and opportunities of open-source game Vladislav Belov 0 A.D:

0 A.D: Graphics Graphics problems and opportunities of open-source game Vladislav Belov 0 A.D: Graphics Structure A little history of 0 A.D. Used technologies and how it works. Known problems. Current solutions. Future plans.

353 views • 8 slides
OpenTag : Open Attribute Value Extraction From Product Profiles Guineng Zheng*, Subhabrata

OpenTag : Open Attribute Value Extraction From Product Profiles Guineng Zheng*, Subhabrata

OpenTag : Open Attribute Value Extraction From Product Profiles Guineng Zheng*, Subhabrata Mukherjee , Xin Luna Dong , FeiFei Li* Amazon.com, *University of Utah product KDD 2018 graph 1 Motivation Alexa , what are the flavors of

755 views • 42 slides
MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central

MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central

MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central Connecticut State University New Britain, CT 06050, USA http://www.cs.ccsu.edu/~markov/ markovz@ccsu.edu MDL-Based Unsupervised Attribute Ranking

251 views • 23 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides
Security and Authorization Access to large databases is generally selective: Distinct users

Security and Authorization Access to large databases is generally selective: Distinct users

Security and Authorization Access to large databases is generally selective: Distinct users have distinct privileges. The process of defining and granting these privileges is called authorization. Authorization is generally a positive

514 views • 22 slides
Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix security model. See how general security principles are implemented in an actual

733 views • 59 slides
Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications Ashish Gehani Surendar

Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications Ashish Gehani Surendar

Parameterizing Access Control for Heterogeneous Peer-to-Peer Applications Ashish Gehani Surendar Chandra SRI University of Notre Dame 1 INTRODUCTION : Heterogeneous Applications Name resolution - CoDNS Scientific citations - OverCite

441 views • 17 slides
Markov Decision Process Assumption: agent gets to observe the state [Drawing from Sutton and

Markov Decision Process Assumption: agent gets to observe the state [Drawing from Sutton and

Discretization Pieter Abbeel UC Berkeley EECS Markov Decision Process Assumption: agent gets to observe the state [Drawing from Sutton and Barto, Reinforcement Learning: An Introduction, 1998] Markov Decision Process (S, A, T, R, H) Given S:

381 views • 26 slides
Finite elements discretizations of the total variation Antonin Chambolle CMAP, Ecole

Finite elements discretizations of the total variation Antonin Chambolle CMAP, Ecole

Finite elements discretizations of the total variation Antonin Chambolle CMAP, Ecole Polytechnique, CNRS, Palaiseau, France joint with T. Pock (T.U. Graz, Austria) Variational methods and optimization in imaging , IHP, Paris, 4 Feb., 2019

811 views • 41 slides
Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth

Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth

Fast approximate inference in hybrid Bayesian networks using dynamic discretisation Helge Langseth 1 , David Marquez 2 , Martin Neil 2 1 Dept. of Computer and Information Science, The Norwegian University of Science and Technology, Norway 2 School

509 views • 16 slides
t t s r

t t s r

t t s t rt t t s

359 views • 13 slides

More recommend