TY - GEN
T1 - A Graph-Based Framework for ABAC Policy Enforcement and Analysis
AU - Yang, Mian
AU - Atluri, Vijayalakshmi
AU - Sural, Shamik
AU - Vaidya, Jaideep
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2024.
PY - 2024
Y1 - 2024
N2 - In the realm of access control mechanisms, Attribute-Based Access Control (ABAC) stands out for its dynamic and fine-grained approach, enabling permissions to be allocated based on attributes of subjects, objects, and the environment. This paper introduces a graph model for ABAC, named GABAC. GABAC leverages directional flow capacities to enforce access control policies, mapping the potential pathways between a subject and an object to ascertain access rights. Furthermore, graph-based modeling of ABAC enables the utilization of readily available commercial graph database systems to implement ABAC. As a result, enforcement and analyses of ABAC can be accomplished simply through graph queries. In particular, we demonstrate this using the Neo4j graph database and present the performance of executing enforcement and different analysis queries.
UR - http://www.scopus.com/inward/record.url?scp=85200595802&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85200595802&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-65172-4_1
DO - 10.1007/978-3-031-65172-4_1
M3 - Conference contribution
AN - SCOPUS:85200595802
SN - 9783031651717
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 3
EP - 23
BT - Data and Applications Security and Privacy XXXVIII - 38th Annual IFIP WG 11.3 Conference, DBSec 2024, Proceedings
A2 - Ferrara, Anna Lisa
A2 - Krishnan, Ram
PB - Springer Science and Business Media Deutschland GmbH
T2 - 38th Annual IFIP 11.3 Conference on Data and Applications Security and Privacy, DBSec 2024
Y2 - 15 July 2024 through 17 July 2024
ER -