A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models - Data and Applications Security and Privacy XXX
Conference Papers Year : 2016

A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models

Prosunjit Biswas
  • Function : Author
  • PersonId : 1022653
Ravi Sandhu
  • Function : Author
  • PersonId : 978076
Ram Krishnan
  • Function : Author
  • PersonId : 1010017

Abstract

Logical formulas and enumeration are the two major ways for specifying authorization policies in Attribute Based Access Control (ABAC). While considerable research has been done for specifying logical-formula authorization policy ABAC, there has been less attention to enumerated authorization policy ABAC. This paper presents a finite attribute, finite domain ABAC model for enumerated authorization policies and investigates its relationship with logical-formula authorization policy ABAC models in the finite domain. We show that these models are equivalent in their theoretical expressive power. We also show that single and multi-attribute ABAC models are equally expressive.
Fichier principal
Vignette du fichier
428203_1_En_9_Chapter.pdf (358.15 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01633664 , version 1 (13-11-2017)

Licence

Identifiers

Cite

Prosunjit Biswas, Ravi Sandhu, Ram Krishnan. A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. pp.122-129, ⟨10.1007/978-3-319-41483-6_9⟩. ⟨hal-01633664⟩
54 View
140 Download

Altmetric

Share

More