attribute-based access control

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 177627 Experts worldwide ranked by ideXlab platform

Ravi Sandhu - One of the best experts on this subject based on the ideXlab platform.

  • IRI - On the Feasibility of attribute-based access control Policy Mining
    2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI), 2019
    Co-Authors: Shuvra Chakraborty, Ravi Sandhu, Ram Krishnan
    Abstract:

    As the technology of attribute-based access control (ABAC) matures and begins to supplant earlier models such as role-based or discretionary access control, it becomes necessary to convert from already deployed access control systems to ABAC. Several variations of this general problem can be defined, some of which have been studied by researchers. In particular the ABAC policy mining problem assumes that attribute values for various entities such as users and objects in the system are given, in addition to the authorization state, from which the ABAC policy needs to be discovered. In this paper, we formalize the ABAC RuleSet Existence problem in this context and develop an algorithm and complexity analysis for its solution. We further introduce the notion of ABAC RuleSet Infeasibility Correction along with an algorithm for its solution.

  • Proceedings of the 2nd ACM Workshop on attribute-based access control
    2017
    Co-Authors: Elisa Bertino, Ravi Sandhu, Ram Krishnan
    Abstract:

    The second Workshop on Attribute Based access control (ABAC '17), held in conjunction with the 7th ACM Conference on Data and Applications Security and Privacy (CODASPY 2017), continues to foster a community of researchers interested in all aspects of attribute based access control. Major challenges remain to be addressed for ABAC to be effective in practice including ABAC policy engineering and mining, attribute assurance, usable administration, ABAC enforcement, and balancing expressive power with usability. ABAC '17 features papers on various aspects of ABAC including theoretical issues such as attribute reduction, ABAC administration, and policy verification; practical issues such as ABAC for databases, authoring ABAC policies via natural language, and systematic ABAC implementation; and ABAC issues in applications such as healthcare. We hope the workshop attendees will find this wide variety of topics to be insightful, and helpful in advancing the field of ABAC.

  • DSC - Keynote talk #1: attribute-based access control: Insights and challenges
    2017 IEEE Conference on Dependable and Secure Computing, 2017
    Co-Authors: Ravi Sandhu
    Abstract:

    Since about 2010 there has been considerable growth of interest among cyber security researchers and practitioners in attribute-based access control (ABAC). The Institute of Cyber Security at the University of Texas at San Antonio has pursued this area intensively. This talk will present a personal perspective on the insights obtained by the Institute's research, as well as research from other groups working on this topic. The talk will identify some challenges in research as well as in practical deployments of ABAC.

  • Proceedings of the 2016 ACM International Workshop on Attribute Based access control
    2016
    Co-Authors: Elisa Bertino, Ravi Sandhu, Ram Krishnan
    Abstract:

    Controlling and managing access to sensitive data has been an ongoing challenge for decades. Attribute Based access control (ABAC) represents the latest milestone in the evolution of logical access control methods. The goal of this inaugural Workshop on Attribute Based access control (ABAC '16), held in conjunction with the 6th ACM Conference on Data and Applications Security and Privacy (CODASPY 2016), is to foster a community of researchers interested in all aspects of attribute based access control. ABAC is a fine-grained and a flexible form of access control. To realize its full potential, a number of major challenges need to be addressed including formal modeling and analysis of ABAC such as its safety and expressive power, administrative models for ABAC, attribute assurance, ABAC policy engineering and mining, privacy concerns in ABAC, etc. This inaugural ABAC '16 workshop features papers on various aspects of ABAC including formal models for ABAC and its relationship with XACML, data fusion concerns in attribute engineering, relevance of ABAC to application domains such as information sharing and online social networks, ABAC policy language for REST API, ABAC policy clustering, and trustworthiness of attributes. We hope the workshop attendees will find this wide variety of topics to be insightful, and helpful in advancing the field of ABAC.

  • NSS - MT-ABAC: A multi-tenant attribute-based access control model with tenant trust
    Network and System Security, 2015
    Co-Authors: Navid Pustchi, Ravi Sandhu
    Abstract:

    A major barrier to the adoption of cloud Infrastructure-as-a-Service (IaaS) is collaboration, where multiple tenants engage in collaborative tasks requiring resources to be shared across tenant boundaries. Currently, cloud IaaS providers focus on multi-tenant isolation, and offer limited or no cross-tenant access capabilities in their IaaS APIs. In this paper, we present a novel attribute-based access control (ABAC) model to enable collaboration between tenants in a cloud IaaS, as well as more generally. Our approach allows cross-tenant attribute assignment to provide access to shared resources across tenants. Particularly, our tenant-trust authorizes a trustee tenant to assign its attributes to users from a trustor tenant, enabling access to the trustee tenant’s resources. We designate our multi-tenant attribute-based access control model as MT-ABAC. Previously, a multi-tenant role-based access control (MT-RBAC) model has been defined in the literature wherein a trustee tenant can assign its roles to users from a trustor tenant. We demonstrate that MT-ABAC can be configured to enforce MT-RBAC thus subsuming it as a special case.

Silvio Ranise - One of the best experts on this subject based on the ideXlab platform.

  • Attribute based access control for APIs in Spring Security
    Symposium on Access Control Models and Technologies, 2014
    Co-Authors: Alessandro Armando, Eyasu Getahun Chekole, Roberto Carbone, Silvio Ranise
    Abstract:

    The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of available data, services and applications developed on top of APIs are vulnerable to a variety of attacks, ranging from SQL injection to unauthorized access of sensitive data. Available security solutions must be re-used and/or adapted to work with APIs. In this paper, we focus on the development of a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of attribute-based access control (ABAC) policies. We demonstrate our work with scenarios arising in a smart energy eco-system.

  • SACMAT - Attribute based access control for APIs in spring security
    Proceedings of the 19th ACM symposium on Access control models and technologies - SACMAT '14, 2014
    Co-Authors: Alessandro Armando, Eyasu Getahun Chekole, Roberto Carbone, Silvio Ranise
    Abstract:

    The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of available data, services and applications developed on top of APIs are vulnerable to a variety of attacks, ranging from SQL injection to unauthorized access of sensitive data. Available security solutions must be re-used and/or adapted to work with APIs. In this paper, we focus on the development of a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of attribute-based access control (ABAC) policies. We demonstrate our work with scenarios arising in a smart energy eco-system.

N. Kamprath - One of the best experts on this subject based on the ideXlab platform.

  • ARES - Supporting attribute-based access control with ontologies
    First International Conference on Availability Reliability and Security (ARES'06), 2006
    Co-Authors: Torsten Priebe, Wolfgang Dobmeier, N. Kamprath
    Abstract:

    In highly open systems like the Internet, attribute-based access control (ABAC) has proven its appropriateness. The specification and maintenance of ABAC policies however has turned out to be complex and error-prone, especially if heterogeneous attribute schemes are involved. Here, the arising semantic Web can contribute to a solution. This paper presents an approach based on an extension of the established XACML standard. It simplifies the policies by providing an ontology-based attribute management facility.

Scott D. Stoller - One of the best experts on this subject based on the ideXlab platform.

  • DBSec - Mining attribute-based access control Policies from Logs
    Lecture Notes in Computer Science, 2014
    Co-Authors: Scott D. Stoller
    Abstract:

    Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the first algorithm for this problem.

  • Mining attribute-based access control Policies
    arXiv: Cryptography and Security, 2013
    Co-Authors: Scott D. Stoller
    Abstract:

    Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from an access control list (ACL) policy or role-based access control (RBAC) policy with accompanying attribute data. This paper presents an ABAC policy mining algorithm. To the best of our knowledge, it is the first ABAC policy mining algorithm. Our algorithm iterates over tuples in the given user-permission relation, uses selected tuples as seeds for constructing candidate rules, and attempts to generalize each candidate rule to cover additional tuples in the user-permission relation by replacing conjuncts in attribute expressions with constraints. Our algorithm attempts to improve the policy by merging and simplifying candidate rules, and then it selects the highest-quality candidate rules for inclusion in the generated policy.

  • Mining attribute-based access control policies from RBAC policies
    2013 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT), 2013
    Co-Authors: Scott D. Stoller
    Abstract:

    Role-based access control (RBAC) is very widely used but has notable limitations, prompting a shift towards attribute-based access control (ABAC). However, the cost of developing an ABAC policy can be a significant obstacle to migration from RBAC to ABAC. This paper presents the first formal definition of the problem of mining ABAC policies from RBAC policies and attribute data, and the first algorithm specifically designed to mine an ABAC policy from an RBAC policy and attribute data.

Alessandro Armando - One of the best experts on this subject based on the ideXlab platform.

  • Attribute based access control for APIs in Spring Security
    Symposium on Access Control Models and Technologies, 2014
    Co-Authors: Alessandro Armando, Eyasu Getahun Chekole, Roberto Carbone, Silvio Ranise
    Abstract:

    The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of available data, services and applications developed on top of APIs are vulnerable to a variety of attacks, ranging from SQL injection to unauthorized access of sensitive data. Available security solutions must be re-used and/or adapted to work with APIs. In this paper, we focus on the development of a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of attribute-based access control (ABAC) policies. We demonstrate our work with scenarios arising in a smart energy eco-system.

  • SACMAT - Attribute based access control for APIs in spring security
    Proceedings of the 19th ACM symposium on Access control models and technologies - SACMAT '14, 2014
    Co-Authors: Alessandro Armando, Eyasu Getahun Chekole, Roberto Carbone, Silvio Ranise
    Abstract:

    The widespread adoption of Application Programming Interfaces (APIs) by enterprises is changing the way business is done by permitting the implementation of a multitude of apps, customized to user needs. While supporting a more flexible exploitation of available data, services and applications developed on top of APIs are vulnerable to a variety of attacks, ranging from SQL injection to unauthorized access of sensitive data. Available security solutions must be re-used and/or adapted to work with APIs. In this paper, we focus on the development of a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of attribute-based access control (ABAC) policies. We demonstrate our work with scenarios arising in a smart energy eco-system.