Admin-CBAC: An Administration Model for Category-Based Access Control

Clara Bertolissi; Maribel Fernández; Bhavani Thuraisingham

doi:10.1145/3374664.3375725

Admin-CBAC: An Administration Model for Category-Based Access Control

Clara Bertolissi
, Maribel Fernández
, Bhavani Thuraisingham

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

8 Citations (Scopus)

Abstract

We present Admin-CBAC, an administrative model for Category- Based Access Control (CBAC). Since most of the access control models in use nowadays are instances of CBAC, in particular the popular RBAC and ABAC models, from Admin-CBAC we derive administrative models for RBAC and ABAC too. We define Admin- CBAC using Barker's metamodel, and use its axiomatic semantics to derive properties of administrative policies. Using an abstract operational semantics for administrative actions, we show how properties (such as safety, liveness and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability based properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and ABACalpha.

Original language	English
Title of host publication	CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	73-84
Number of pages	12
ISBN (Electronic)	9781450371070
DOIs	https://doi.org/10.1145/3374664.3375725
Publication status	Published - 16 Mar 2020
Event	10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 - New Orleans, United States Duration: 16 Mar 2020 → 18 Mar 2020

Publication series

Name	CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

Conference

Conference	10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020
Country/Territory	United States
City	New Orleans
Period	16/03/2020 → 18/03/2020

Keywords

access control
attribute-based access control
category-based access control
policy administration
policy analysis
role-based access control

Access to Document

10.1145/3374664.3375725

Cite this

Bertolissi, C., Fernández, M., & Thuraisingham, B. (2020). Admin-CBAC: An Administration Model for Category-Based Access Control. In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (pp. 73-84). (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3374664.3375725

Bertolissi, Clara ; Fernández, Maribel ; Thuraisingham, Bhavani. / Admin-CBAC : An Administration Model for Category-Based Access Control. CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2020. pp. 73-84 (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy).

@inbook{b6ceee9a34ad42e2ab3d9f7665479435,

title = "Admin-CBAC: An Administration Model for Category-Based Access Control",

abstract = "We present Admin-CBAC, an administrative model for Category- Based Access Control (CBAC). Since most of the access control models in use nowadays are instances of CBAC, in particular the popular RBAC and ABAC models, from Admin-CBAC we derive administrative models for RBAC and ABAC too. We define Admin- CBAC using Barker's metamodel, and use its axiomatic semantics to derive properties of administrative policies. Using an abstract operational semantics for administrative actions, we show how properties (such as safety, liveness and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability based properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and ABACalpha.",

keywords = "access control, attribute-based access control, category-based access control, policy administration, policy analysis, role-based access control",

author = "Clara Bertolissi and Maribel Fern{\'a}ndez and Bhavani Thuraisingham",

year = "2020",

month = mar,

day = "16",

doi = "10.1145/3374664.3375725",

language = "English",

series = "CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "73--84",

booktitle = "CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy",

note = "10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 ; Conference date: 16-03-2020 Through 18-03-2020",

}

Bertolissi, C, Fernández, M & Thuraisingham, B 2020, Admin-CBAC: An Administration Model for Category-Based Access Control. in CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 73-84, 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020, New Orleans, United States, 16/03/2020. https://doi.org/10.1145/3374664.3375725

Admin-CBAC: An Administration Model for Category-Based Access Control. / Bertolissi, Clara; Fernández, Maribel; Thuraisingham, Bhavani.
CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2020. p. 73-84 (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

TY - CHAP

T1 - Admin-CBAC

T2 - 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020

AU - Bertolissi, Clara

AU - Fernández, Maribel

AU - Thuraisingham, Bhavani

PY - 2020/3/16

Y1 - 2020/3/16

N2 - We present Admin-CBAC, an administrative model for Category- Based Access Control (CBAC). Since most of the access control models in use nowadays are instances of CBAC, in particular the popular RBAC and ABAC models, from Admin-CBAC we derive administrative models for RBAC and ABAC too. We define Admin- CBAC using Barker's metamodel, and use its axiomatic semantics to derive properties of administrative policies. Using an abstract operational semantics for administrative actions, we show how properties (such as safety, liveness and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability based properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and ABACalpha.

AB - We present Admin-CBAC, an administrative model for Category- Based Access Control (CBAC). Since most of the access control models in use nowadays are instances of CBAC, in particular the popular RBAC and ABAC models, from Admin-CBAC we derive administrative models for RBAC and ABAC too. We define Admin- CBAC using Barker's metamodel, and use its axiomatic semantics to derive properties of administrative policies. Using an abstract operational semantics for administrative actions, we show how properties (such as safety, liveness and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability based properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and ABACalpha.

KW - access control

KW - attribute-based access control

KW - category-based access control

KW - policy administration

KW - policy analysis

KW - role-based access control

UR - https://www.scopus.com/pages/publications/85083357638

U2 - 10.1145/3374664.3375725

DO - 10.1145/3374664.3375725

M3 - Conference paper

AN - SCOPUS:85083357638

T3 - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

SP - 73

EP - 84

BT - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

Y2 - 16 March 2020 through 18 March 2020

ER -

Bertolissi C, Fernández M, Thuraisingham B. Admin-CBAC: An Administration Model for Category-Based Access Control. In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2020. p. 73-84. (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3374664.3375725

Admin-CBAC: An Administration Model for Category-Based Access Control

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this