Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 32727
An Attribute Based Access Control Model with POL Module for Dynamically Granting and Revoking Authorizations

Authors: Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang


Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIV ILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.

Keywords: Access control, attribute based access control, granting authorizations, privilege, revoking authorizations, system security.

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1001


[1] Garnaut P., Thompson J., ”Review of Data Integrity Models in Multi-Level Security Environments,” Technical Report DSTO-TN-0971, Defence Science And Technology Organisation Edinburgh Command Control Communications And Intelligence Div, Australia, Feb. 2012.
[2] Alexander P, Pike L, Loscocco P, et al., ”Model Checking Distributed Mandatory Access Control Policies,” J. Acm Transactions on Information & System Security, vol. 18, no. 6, pp. 1-25, Dec. 2015, doi: 10.1145/2785966.
[3] Zamite J, Domingos D, Silva M J, et al., ”Group-Based Discretionary Access Control in Health Related Repositories,” J. Journal of Information Technology Research, vol. 7, no. 1, pp. 78-94, 2014, doi: 10.4018/jitr.2014010106.
[4] Zhou L, Varadharajan V, Hitchens M, ”Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage,” J. Information Forensics & Security IEEE Transactions on, vol. 10, no. 11, pp. 2381-2395, 2015, doi: 10.1109/TIFS.2015.2455952.
[5] Yi Liu, Ke Xu, Junde Song, ”A Task-Attribute-Based Workflow Access Control Model,” Proc. 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing, IEEE, pp. 1330-1334, Aug. 2013, doi: 10.1109/GreenCom-iThings-CPSCom.2013.231.
[6] Vincent C. Hu, et al., ”Guide to Attribute Based Access Control(abac) Definition and Considerations,” National Institute of Standards and Technology, Gaithersburg, 2014.
[7] E. Yuan, J. Tong, ”Attributed Based Access Control (ABAC) for Web Services,” Proc. 2005 IEEE International Conference on Web Services(ICWS), IEEE, pp. 561-569, Jul. 2005, doi: 10.1109/ICWS.2005.25.
[8] Hakima Ould-Slimane, Moustapha Bande, Hanifa Boucheneb, ”WiseShare: A Collaborative Environment for Knowledge Sharing Governed by ABAC Policies,” Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2012 8th International Conference on, IEEE, pp. 21-29, Oct. 2012, doi: 10.4108/icst.collaboratecom.2012.250402.
[9] Maryam Ed-Daibouni, Adil Lebbat, Saida Tallal, Hicham Medromi, ”Toward a New Extension of the Access Control Model ABAC for Cloud Computing,” Advances in Ubiquitous Networking. Lecture Notes in Electrical Engineering, Sabir E., Medromi H., Sadik M., eds., Singapore: Springer, pp. 79-89, Feb. 2016, doi: 10.1007/978-981-287-990-5 7.
[10] Vincent C. Hu, D. Richard Kuhn, David F. Ferraiolo, ”Attribute-Based Access Control,” J. Computer, vol. 48, no. 2, pp. 85-88, Feb. 2015, doi: 10.1109/MC.2015.33.
[11] Xu D., Kent M., Thomas L., et al. ”Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets,” J. IEEE Transactions on Computers, vol. 64, no. 9, pp. 2490-2505, Sep. 2015, doi:10.1109/TC.2014.2375189.
[12] Mike Burmester, Emmanouil Magkos, Vassilis Chrissikopoulos, ”T-ABAC: An Attribute-based Access Control Model for Real-time Availability in Highly Dynamic Systems,” Proc. Computers and Communications(ISCC), 2013 IEEE Symposium on, IEEE, pp. 143-148, Jul. 2013, doi: 10.1109/ISCC.2013.6754936.
[13] Laurent Gomez, Slim Trabelsi, ”Obligation Based Access Control,” On the Move to Meaningful Internet Systems: OTM 2014 Workshops. OTM 2014. Lecture Notes in Computer Science, Meersman R. et al., eds., Berlin: Springer, pp. 79-89, Oct. 2014, doi: 10.1007/978-3-662-45550-0 15.
[14] Claudio Bettini, Sushil Jajodia, X. Sean Wang, Duminda Wijesekera, ”Provisions and Obligations in Policy Management and Security Applications,” Proc. VLDB ’02 Proceedings of the 28th international conference on Very Large Data Bases, VLDB Endowment, pp. 502-513, Aug. 2002, doi: 10.1016/B978-155860869-6/50051-2.
[15] Gansen Zhao, David Chadwick, Sassa Otenko, ”Obligation for Role Based Access Control,” Proc. Advanced Information Networking and Applications Workshops, 2007, AINAW ’07. 21st International Conference on, IEEE, pp. 424-431, May 2007, doi: 10.1109/AINAW.2007.267.
[16] Michael J. Covington, Manoj R. Sastry, ”A Contextual Attribute-Based Access Control Model,” On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, Meersman R., Tari Z., Herrero P., eds., Berlin: Springer-Verlag, pp. 1996-2006, Nov. 2006, doi: 10.1007/11915072 108.
[17] Anoop Singhal, Theodore Winograd, Karen Scarfone, ”Guide to Secure Web Services,” National Institute of Standards and Technology Special Publication, Gaithersburg, 2007.
[18] Bill Parducci, Hal Lockhart, Rich Levinson, ”eXtensible Access Control Markup Language (XACML) Version 3.0,” Burlington, USA: OASIS, 2013.
[19] Mehdi Sabbari, Hadiseh Seyyed Alipour, ”Improving Attribute Based Access Control Model for Web Services,” Proc. Information and Communication Technologies (WICT), 2011 World Congress on, IEEE, pp. 1223-1228, Dec. 2011, doi: 10.1109/WICT.2011.6141423.