{"title":"Rew-XAC:一种基于动态策略的弹性ABAC强制请求重写方法","authors":"H. Son, L. Tran, T. K. Dang, Yen Nhi Pham","doi":"10.1109/ACOMP.2016.014","DOIUrl":null,"url":null,"abstract":"Attribute-based access control (ABAC) model manages access control through policies, based on incoming requests in which attributes are basic elements for constructing those policies and requests. Requests depend on existing policies in the system and when policies change attributes, request must be adapted to access resources. In XACML standard, there are four kinds of responses for a request: Permit, Deny, Not Applicable and Indeterminate, but the two last value bring no value to requesters. This paper focuses on rewriting requests received Not Applicable responses by reducing required resource for aligning with policies of systems. We set up a new model based on XACML 3.0 find out the most suitable policy to each input request in four aspects, including Action, Subject, Environment, and Resource to rewrite the request. Finally, the model is implemented based on AT&T Open Source. We use an XACML 3.0 framework, for verifying feasibility of the solution and measuring its performance.","PeriodicalId":133451,"journal":{"name":"2016 International Conference on Advanced Computing and Applications (ACOMP)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":"{\"title\":\"Rew-XAC: An Approach to Rewriting Request for Elastic ABAC Enforcement with Dynamic Policies\",\"authors\":\"H. Son, L. Tran, T. K. Dang, Yen Nhi Pham\",\"doi\":\"10.1109/ACOMP.2016.014\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attribute-based access control (ABAC) model manages access control through policies, based on incoming requests in which attributes are basic elements for constructing those policies and requests. Requests depend on existing policies in the system and when policies change attributes, request must be adapted to access resources. In XACML standard, there are four kinds of responses for a request: Permit, Deny, Not Applicable and Indeterminate, but the two last value bring no value to requesters. This paper focuses on rewriting requests received Not Applicable responses by reducing required resource for aligning with policies of systems. We set up a new model based on XACML 3.0 find out the most suitable policy to each input request in four aspects, including Action, Subject, Environment, and Resource to rewrite the request. Finally, the model is implemented based on AT&T Open Source. We use an XACML 3.0 framework, for verifying feasibility of the solution and measuring its performance.\",\"PeriodicalId\":133451,\"journal\":{\"name\":\"2016 International Conference on Advanced Computing and Applications (ACOMP)\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"28\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference on Advanced Computing and Applications (ACOMP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ACOMP.2016.014\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Advanced Computing and Applications (ACOMP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACOMP.2016.014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 28
摘要
基于属性的访问控制(ABAC)模型基于传入请求通过策略管理访问控制,其中属性是构建这些策略和请求的基本元素。请求依赖于系统中的现有策略,当策略更改属性时,必须调整请求以访问资源。在XACML标准中,一个请求有四种响应:Permit、Deny、Not Applicable和Indeterminate,但最后两个值对请求者没有任何价值。本文的重点是通过减少与系统策略一致所需的资源来重写收到的不适用响应的请求。我们基于XACML 3.0建立了一个新的模型,从Action、Subject、Environment和Resource四个方面找出最适合每个输入请求的策略来重写请求。最后,基于AT&T Open Source对模型进行了实现。我们使用XACML 3.0框架来验证解决方案的可行性并测量其性能。
Rew-XAC: An Approach to Rewriting Request for Elastic ABAC Enforcement with Dynamic Policies
Attribute-based access control (ABAC) model manages access control through policies, based on incoming requests in which attributes are basic elements for constructing those policies and requests. Requests depend on existing policies in the system and when policies change attributes, request must be adapted to access resources. In XACML standard, there are four kinds of responses for a request: Permit, Deny, Not Applicable and Indeterminate, but the two last value bring no value to requesters. This paper focuses on rewriting requests received Not Applicable responses by reducing required resource for aligning with policies of systems. We set up a new model based on XACML 3.0 find out the most suitable policy to each input request in four aspects, including Action, Subject, Environment, and Resource to rewrite the request. Finally, the model is implemented based on AT&T Open Source. We use an XACML 3.0 framework, for verifying feasibility of the solution and measuring its performance.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
