{"title":"A Graph-based Framework for ABAC Policy Enforcement and Analysis.","authors":"Mian Yang, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya","doi":"10.1007/978-3-031-65172-4_1","DOIUrl":null,"url":null,"abstract":"<p><p>In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> . The <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.</p>","PeriodicalId":520399,"journal":{"name":"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...","volume":"14901 ","pages":"3-23"},"PeriodicalIF":0.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11771151/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/978-3-031-65172-4_1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/7/13 0:00:00","PubModel":"Epub","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named . The leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
