2018 Jul:10980:51-68.
doi: 10.1007/978-3-319-95729-6_4. Epub 2018 Jul 10.

Enabling the Deployment of ABAC Policies in RBAC Systems

Gunjan Batra et al. Data Appl Secur Priv XXXII (2018). 2018 Jul.

Abstract

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice in many application domains. However, commercially viable methods for implementing ABAC do not exist, while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations that have an RBAC system can deploy an ABAC policy. To this end, we propose a method for translating an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to the time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since security management is more expensive under RBAC than under ABAC, we analyze the different management costs and present mitigation approaches by considering various administrative operations.

Figures

Fig. 1. Approach for Deployment of ABAC in RBAC
Fig. 2. Increasing rule size
Fig. 3. Increasing attribute size
Fig. 4. Increasing User Object Size
Fig. 5. Increasing Positive Authorizations
Fig. 6. Management of Administrative Operations on the system