The GURAG Administrative Model for User and Group Attribute Assignment

被引:35
作者
Gupta, Maanak [1 ]
Sandhu, Ravi [1 ]
机构
[1] Univ Texas San Antonio, Inst Cyber Secur, Dept Comp Sci, One UTSA Circle, San Antonio, TX 78249 USA
来源
NETWORK AND SYSTEM SECURITY, (NSS 2016) | 2016年 / 9955卷
关键词
Attribute based access control; Attribute inheritance; Group hierarchy; Group attribute administration; User-group assignment; ACCESS-CONTROL;
D O I
10.1007/978-3-319-46298-1_21
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Several attribute-based access control (ABAC) models have been recently proposed to provide finer-grained authorization and to address the shortcomings of existing models. In particular, Servos et al. [33] presented a hierarchical group and attribute based access control (HGABAC) model which introduces a novel approach of attribute inheritance through user and object groups. For authorization purposes the effect of attribute inheritance from groups can be equivalently realized by direct attribute assignment to users and objects. Hence the practical benefit of HGABAC-like models is with respect to administration. In this paper we propose the first administration model for HGABAC called GURA(G). GURA(G) consists of three sub-models: UAA for user attribute assignment, UGAA for user-group attribute assignment and UGA for user to user-group assignment.
引用
收藏
页码:318 / 332
页数:15
相关论文
共 35 条
[1]   A model for attribute-based user-role assignment [J].
Al-Kahtani, MA ;
Sandhu, R .
18TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2002, :353-362
[2]  
[Anonymous], 2013, P 2013 ACM WORKSHOP
[3]   Ciphertext-policy attribute-based encryption [J].
Bethencourt, John ;
Sahai, Amit ;
Waters, Brent .
2007 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2007, :321-+
[4]   Role-based access control with X.509 attribute certificates [J].
Chadwick, DW ;
Otenko, A ;
Ball, E .
IEEE INTERNET COMPUTING, 2003, 7 (02) :62-69
[5]  
Crampton J., 2003, ACM Transactions on Information and Systems Security, V6, P201, DOI 10.1145/762476.762478
[6]  
Emura K, 2009, LECT NOTES COMPUT SC, V5451, P13, DOI 10.1007/978-3-642-00843-6_2
[7]  
Goyal V., 2006, P 2006 INT C PRIVACY, P1
[8]   Specification and Enforcement of Location-Aware Attribute-Based Access Control for Online Social Networks [J].
Hsu, Andy Chunliang ;
Ray, Indrakshi .
ABAC'16: PROCEEDINGS OF THE 2016 ACM INTERNATIONAL WORKSHOP ON ATTRIBUTE BASED ACCESS CONTROL, 2016, :25-34
[9]  
Hu V., 2014, NIST SPECIAL PUBLICA, V800-162
[10]   Attribute-Based Access Control [J].
Hu, Vincent C. ;
Kuhn, D. Richard ;
Ferraiolo, David F. .
COMPUTER, 2015, 48 (02) :85-88
1234