A Graph-Based Framework for ABAC Policy Enforcement and Analysis

Mian Yang, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named GABAC. The GABAC leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analyses queries.

Original languageEnglish (US)
Title of host publicationData and Applications Security and Privacy XXXVIII - 38th Annual IFIP WG 11.3 Conference, DBSec 2024, Proceedings
EditorsAnna Lisa Ferrara, Ram Krishnan
PublisherSpringer Science and Business Media Deutschland GmbH
Pages3-23
Number of pages21
ISBN (Print)9783031651717
DOIs
StatePublished - 2024
Event38th Annual IFIP 11.3 Conference on Data and Applications Security and Privacy, DBSec 2024 - San Jose, United States
Duration: Jul 15 2024Jul 17 2024

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14901 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference38th Annual IFIP 11.3 Conference on Data and Applications Security and Privacy, DBSec 2024
Country/TerritoryUnited States
CitySan Jose
Period7/15/247/17/24

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'A Graph-Based Framework for ABAC Policy Enforcement and Analysis'. Together they form a unique fingerprint.

Cite this