Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database

Mahendra Pratap Singh, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri

Research output: Contribution to journalArticlepeer-review

19 Scopus citations

Abstract

Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach.

Original languageEnglish (US)
Pages (from-to)183-205
Number of pages23
JournalComputers and Security
Volume86
DOIs
StatePublished - Sep 2019

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Law

Keywords

  • Attribute Based Access Control
  • Authorization
  • Data warehousing
  • In-memory database
  • Meta-policy
  • Unified security policy

Fingerprint

Dive into the research topics of 'Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database'. Together they form a unique fingerprint.

Cite this