{"title":"An Administrative Model for Collaborative Management of ABAC Systems and Its Security Analysis","authors":"S. Jha, S. Sural, V. Atluri, Jaideep Vaidya","doi":"10.1109/CIC.2016.022","DOIUrl":null,"url":null,"abstract":"Attribute-based Access Control (ABAC) has been emerging as a suitable choice for large and federated enterprises due to its flexibility in expressing various types of security policies. Improved flexibility, however, results in higher design complexity and consequently, possibility of undesired flow of information. Reliance of access decision on the attribute values of subjects, objects and environment underscores the need for a formal way of managing attribute assignment in ABAC systems. Since large enterprises potentially have hundreds of subjects and thousands of resources, centralized management of attribute assignment is inexpedient. This paper introduces an attribute-based administrative model that supports decentralized administration of ABAC systems. The proposed model consists of a number of operations to administer the set of subjects and the set of subject attribute assignments in an ABAC system. We then suggest a methodology for analyzing the security properties of ABAC using Alloy analyzer in the presence of the proposed administrative model.","PeriodicalId":438546,"journal":{"name":"2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIC.2016.022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Administrative Model for Collaborative Management of ABAC Systems and Its Security Analysis
Attribute-based Access Control (ABAC) has been emerging as a suitable choice for large and federated enterprises due to its flexibility in expressing various types of security policies. Improved flexibility, however, results in higher design complexity and consequently, possibility of undesired flow of information. Reliance of access decision on the attribute values of subjects, objects and environment underscores the need for a formal way of managing attribute assignment in ABAC systems. Since large enterprises potentially have hundreds of subjects and thousands of resources, centralized management of attribute assignment is inexpedient. This paper introduces an attribute-based administrative model that supports decentralized administration of ABAC systems. The proposed model consists of a number of operations to administer the set of subjects and the set of subject attribute assignments in an ABAC system. We then suggest a methodology for analyzing the security properties of ABAC using Alloy analyzer in the presence of the proposed administrative model.