{"title":"基于图的ABAC策略执行与分析框架。","authors":"Mian Yang, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya","doi":"10.1007/978-3-031-65172-4_1","DOIUrl":null,"url":null,"abstract":"<p><p>In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> . The <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.</p>","PeriodicalId":520399,"journal":{"name":"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...","volume":"14901 ","pages":"3-23"},"PeriodicalIF":0.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11771151/pdf/","citationCount":"0","resultStr":"{\"title\":\"A Graph-based Framework for ABAC Policy Enforcement and Analysis.\",\"authors\":\"Mian Yang, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya\",\"doi\":\"10.1007/978-3-031-65172-4_1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> . The <math> <msub><mrow><mi>G</mi></mrow> <mrow><mi>A</mi> <mi>B</mi> <mi>A</mi> <mi>C</mi></mrow> </msub> </math> leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.</p>\",\"PeriodicalId\":520399,\"journal\":{\"name\":\"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...\",\"volume\":\"14901 \",\"pages\":\"3-23\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11771151/pdf/\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1007/978-3-031-65172-4_1\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/7/13 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Data and applications security and privacy XXXVIII : 38th Annual IFIP WG 11.3 Conference, DBSec 2024, San Jose, CA, USA, July 15-17, 2024, Proceedings. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (38th : 202...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/978-3-031-65172-4_1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/7/13 0:00:00","PubModel":"Epub","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
在访问控制机制领域中,基于属性的访问控制(ABAC)以其动态和细粒度的方法脱颖而出,允许根据主题、对象和环境的属性分配权限。本文介绍了一种ABAC的图模型,命名为gabac。gaa aa C利用定向流能力来执行访问控制策略,映射主体和对象之间的潜在路径,以确定访问权限。此外,基于图形的ABAC建模可以利用现成的商业图形数据库系统来实现ABAC。因此,ABAC的执行和分析可以简单地通过图形查询完成。特别是,我们使用Neo4j图形数据库演示了这一点,并展示了执行强制和不同分析查询的性能。
A Graph-based Framework for ABAC Policy Enforcement and Analysis.
In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named . The leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
