基于实体的访问控制:支持更具表现力的访问控制策略

J. Bogaerts, Maarten Decat, B. Lagaisse, W. Joosen
{"title":"基于实体的访问控制:支持更具表现力的访问控制策略","authors":"J. Bogaerts, Maarten Decat, B. Lagaisse, W. Joosen","doi":"10.1145/2818000.2818009","DOIUrl":null,"url":null,"abstract":"Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based policies described in Auctoritas can be enforced with a low policy evaluation latency.","PeriodicalId":338725,"journal":{"name":"Proceedings of the 31st Annual Computer Security Applications Conference","volume":"148 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Entity-Based Access Control: supporting more expressive access control policies\",\"authors\":\"J. Bogaerts, Maarten Decat, B. Lagaisse, W. Joosen\",\"doi\":\"10.1145/2818000.2818009\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based policies described in Auctoritas can be enforced with a low policy evaluation latency.\",\"PeriodicalId\":338725,\"journal\":{\"name\":\"Proceedings of the 31st Annual Computer Security Applications Conference\",\"volume\":\"148 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 31st Annual Computer Security Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2818000.2818009\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 31st Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2818000.2818009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 23

摘要

访问控制是安全的重要组成部分,它限制了用户可以对资源执行的操作。策略模型指定如何在策略中制定这些限制。在过去的几十年里,我们已经看到了几个这样的模型,包括基于角色的访问控制和最近的基于属性的访问控制。然而,这些模型没有考虑到用户、资源和实体之间的关系以及它们相应的属性。这限制了这些模型的表现力。在这项工作中,我们提出了基于实体的访问控制(EBAC)。EBAC将实体作为主要概念引入,并考虑属性和关系来评估策略。此外,我们还介绍了Auctoritas。autoritas是一个授权系统,为EBAC提供了实用的政策语言和评估引擎。我们发现EBAC提高了策略的表达性,并且很好地适应了应用领域。此外,我们的评估表明,autoritas中描述的基于实体的策略可以以较低的策略评估延迟来实施。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Entity-Based Access Control: supporting more expressive access control policies
Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based policies described in Auctoritas can be enforced with a low policy evaluation latency.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信