TY - GEN
T1 - Extended ReBAC Administrative models with cascading revocation and provenance support
AU - Cheng, Yuan
AU - Bijon, Khalid
AU - Sandhu, Ravi
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/6/6
Y1 - 2016/6/6
N2 - Relationship-based access control (ReBAC) has been widely studied and applied in the domain of online social networks, and has since been extended to domains beyond social. Using ReBAC itself to manage ReBAC also becomes a natural research frontier, where we have two ReBAC administrative models proposed recently by Rizvi et al. [30] and Stoller [33]. In this paper, we extend these two ReBAC administrative models in order to apply ReBAC beyond online social networks, particularly where edges can have dependencies with each other and authorization for certain administrative operations requires provenance information. Basically, our policy specifications adopt the concepts of enabling precondition and applicability preconditions from Rizvi et al. [30]. Then, we address several issues that need to be considered in order to properly execute operation effects, such as cascading revocation and integrity constraints on the relationship graph. With these extended features, we show that our administrative models can provide the administration capability of the MT-RBAC model originally designed for multi-tenant collaborative cloud systems [34].
AB - Relationship-based access control (ReBAC) has been widely studied and applied in the domain of online social networks, and has since been extended to domains beyond social. Using ReBAC itself to manage ReBAC also becomes a natural research frontier, where we have two ReBAC administrative models proposed recently by Rizvi et al. [30] and Stoller [33]. In this paper, we extend these two ReBAC administrative models in order to apply ReBAC beyond online social networks, particularly where edges can have dependencies with each other and authorization for certain administrative operations requires provenance information. Basically, our policy specifications adopt the concepts of enabling precondition and applicability preconditions from Rizvi et al. [30]. Then, we address several issues that need to be considered in order to properly execute operation effects, such as cascading revocation and integrity constraints on the relationship graph. With these extended features, we show that our administrative models can provide the administration capability of the MT-RBAC model originally designed for multi-tenant collaborative cloud systems [34].
KW - Access Control
KW - Administrative Model
KW - Relationship
UR - http://www.scopus.com/inward/record.url?scp=84977137888&partnerID=8YFLogxK
U2 - 10.1145/2914642.2914655
DO - 10.1145/2914642.2914655
M3 - Conference contribution
AN - SCOPUS:84977137888
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 161
EP - 170
BT - SACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016
Y2 - 6 June 2016 through 8 June 2016
ER -