Enabling the deployment of ABAC policies in RBAC systems

Gunjan Batra; Vijayalakshmi Atluri; Jaideep Vaidya; Shamik Sural

doi:10.1007/978-3-319-95729-6_4

Enabling the deployment of ABAC policies in RBAC systems

Gunjan Batra, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural

Rutgers Business School, Management & Information Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

Original language	English (US)
Title of host publication	Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings
Editors	Stefano Paraboschi, Florian Kerschbaum
Publisher	Springer Verlag
Pages	51-68
Number of pages	18
ISBN (Print)	9783319957289
DOIs	https://doi.org/10.1007/978-3-319-95729-6_4
State	Published - 2018
Event	32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018 - Bergamo, Italy Duration: Jul 16 2018 → Jul 18 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10980 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018
Country/Territory	Italy
City	Bergamo
Period	7/16/18 → 7/18/18

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-95729-6_4

Cite this

Batra, G., Atluri, V., Vaidya, J., & Sural, S. (2018). Enabling the deployment of ABAC policies in RBAC systems. In S. Paraboschi, & F. Kerschbaum (Eds.), Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings (pp. 51-68). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10980 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-95729-6_4

Batra, Gunjan ; Atluri, Vijayalakshmi ; Vaidya, Jaideep et al. / Enabling the deployment of ABAC policies in RBAC systems. Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings. editor / Stefano Paraboschi ; Florian Kerschbaum. Springer Verlag, 2018. pp. 51-68 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b36a03a4247b45bdb13753511c2fd885,

title = "Enabling the deployment of ABAC policies in RBAC systems",

abstract = "The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.",

author = "Gunjan Batra and Vijayalakshmi Atluri and Jaideep Vaidya and Shamik Sural",

note = "Funding Information: Acknowledgments. Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, by the National Science Foundation under awards CNS-1564034 and CNS-1624503 and by the National Academies of Sciences, Engineering, and Medicine under the PAK-US Science and Technology Cooperation Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. We would also like to thank Dr. Emre Uzun for his comments. Funding Information: Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, by the National Science Foundation under awards CNS-1564034 and CNS-1624503 and by the National Academies of Sciences, Engineering, and Medicine under the PAK-US Science and Technology Cooperation Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. We would also like to thank Dr. Emre Uzun for his comments. Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2018.; 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018 ; Conference date: 16-07-2018 Through 18-07-2018",

year = "2018",

doi = "10.1007/978-3-319-95729-6_4",

language = "English (US)",

isbn = "9783319957289",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "51--68",

editor = "Stefano Paraboschi and Florian Kerschbaum",

booktitle = "Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings",

address = "Germany",

}

Batra, G, Atluri, V , Vaidya, J & Sural, S 2018, Enabling the deployment of ABAC policies in RBAC systems. in S Paraboschi & F Kerschbaum (eds), Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10980 LNCS, Springer Verlag, pp. 51-68, 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018, Bergamo, Italy, 7/16/18. https://doi.org/10.1007/978-3-319-95729-6_4

Enabling the deployment of ABAC policies in RBAC systems. / Batra, Gunjan; Atluri, Vijayalakshmi ; Vaidya, Jaideep et al.
Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings. ed. / Stefano Paraboschi; Florian Kerschbaum. Springer Verlag, 2018. p. 51-68 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10980 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Enabling the deployment of ABAC policies in RBAC systems

AU - Batra, Gunjan

AU - Atluri, Vijayalakshmi

AU - Vaidya, Jaideep

AU - Sural, Shamik

N1 - Funding Information: Acknowledgments. Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, by the National Science Foundation under awards CNS-1564034 and CNS-1624503 and by the National Academies of Sciences, Engineering, and Medicine under the PAK-US Science and Technology Cooperation Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. We would also like to thank Dr. Emre Uzun for his comments. Funding Information: Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, by the National Science Foundation under awards CNS-1564034 and CNS-1624503 and by the National Academies of Sciences, Engineering, and Medicine under the PAK-US Science and Technology Cooperation Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. We would also like to thank Dr. Emre Uzun for his comments. Publisher Copyright: © IFIP International Federation for Information Processing 2018.

PY - 2018

Y1 - 2018

N2 - The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

AB - The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

UR - http://www.scopus.com/inward/record.url?scp=85050527252&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050527252&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-95729-6_4

DO - 10.1007/978-3-319-95729-6_4

M3 - Conference contribution

AN - SCOPUS:85050527252

SN - 9783319957289

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 51

EP - 68

BT - Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings

A2 - Paraboschi, Stefano

A2 - Kerschbaum, Florian

PB - Springer Verlag

T2 - 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018

Y2 - 16 July 2018 through 18 July 2018

ER -

Batra G, Atluri V , Vaidya J, Sural S. Enabling the deployment of ABAC policies in RBAC systems. In Paraboschi S, Kerschbaum F, editors, Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings. Springer Verlag. 2018. p. 51-68. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-95729-6_4

Enabling the deployment of ABAC policies in RBAC systems

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this