Sciweavers

ACSAC
2015
IEEE

Entity-Based Access Control: supporting more expressive access control policies

8 years 8 months ago
Entity-Based Access Control: supporting more expressive access control policies
Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based po...
Jasper Bogaerts, Maarten Decat, Bert Lagaisse, Wou
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015
Where ACSAC
Authors Jasper Bogaerts, Maarten Decat, Bert Lagaisse, Wouter Joosen
Comments (0)