survey

Current Research and Open Problems in Attribute-Based Access Control

Published: 02 January 2017

Abstract

Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, the formalization of a foundational model of ABAC and its large-scale adoption are still in their infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues such as delegation, administration, auditability, scalability, hierarchical representations, and the like have been largely ignored or left to future work.

This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works, and potential solutions are discussed.



    • Published in

      ACM Computing Surveys, Volume 49, Issue 4
      December 2017
      666 pages
      ISSN: 0360-0300
      EISSN: 1557-7341
      DOI: 10.1145/3022634
      Editor: Sartaj Sahni

      Copyright © 2017 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 2 January 2017
      • Accepted: 1 October 2016
      • Revised: 1 July 2016
      • Received: 1 June 2015


      Qualifiers

      • survey
      • Research
      • Refereed
