Sciweavers

SACMAT
2015
ACM

On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval

Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC, policies and access requests are defined in terms of attribute name/value pairs. The applicability of an ABAC policy to a request is determined by matching the attributes in the request with the attributes in the policy. Some languages supporting ABAC, such as PTaCL or XACML 3.0, take into account the possibility that some attribute values might not be correctly retrieved when the request is evaluated, and use complex decisions, usually describing all possible evaluation outcomes, to account for missing attributes. In this paper, we argue that the problem of missing attributes in ABAC can be seen as a non-deterministic attribute retrieval process, and we show that the current evaluation mechanism in PTaCL or XACML can return a complex decision that does not necessarily match the actual possible outcomes. This, however, is problematic ...
Jason Crampton, Charles Morisset, Nicola Zannone
Added: 17 Apr 2016
Updated: 17 Apr 2016
Type: Journal
Year: 2015
Where: SACMAT
Authors: Jason Crampton, Charles Morisset, Nicola Zannone