J Comput Secur. 2019;27(4):483-506.
doi: 10.3233/JCS-191315. Epub 2019 Jul 18.

Deploying ABAC policies using RBAC Systems

Gunjan Batra et al. J Comput Secur. 2019.

Abstract

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice for many application domains. However, commercially viable methods for implementing ABAC do not exist, while a vast majority of organizations use Role Based Access Control (RBAC) or its temporal extensions, such as Temporal Role Based Access Control (TRBAC). In this paper, we present a solution that lets organizations with an RBAC/TRBAC system deploy an ABAC policy. Essentially, we propose a method for translating an ABAC policy (including time constraints) into a form that can be adopted by an RBAC/TRBAC system. We experimentally demonstrate that the time taken to evaluate an access request in RBAC and TRBAC systems is significantly less than that of the corresponding ABAC system. Since security management is more expensive under RBAC than under ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

Figures

Fig. 1: Approach for Deployment of ABAC in RBAC
Fig. 2: Approach for Deployment of ABAC with Time Constraints in TRBAC
Fig. 3: Increasing Rule Size
Fig. 4: Increasing Attribute Size
Fig. 5: Increasing User Object Size
Fig. 6: Increasing Positive Authorizations
Fig. 7: Assessing TRBAC using ABACTC policy
Fig. 8: AR Evaluation in ABACTC and TRBAC
Fig. 9: Management of Administrative Operations on the ABAC-RBAC system
Fig. 10: Management of Administrative Operations in ABACTC - TRBAC system
