Towards efficient implementation of attribute-based access control

dc.contributor.author: Pagadala, Vignesh M., author
dc.contributor.author: Ray, Indrakshi, advisor
dc.contributor.author: Ray, Indrajit, committee member
dc.contributor.author: Anderson, Charles, committee member
dc.contributor.author: Vijayasarathy, Leo, committee member
dc.date.accessioned: 2021-09-06T10:25:17Z
dc.date.available: 2021-09-06T10:25:17Z
dc.date.issued: 2021
dc.description.abstract: Attribute-Based Access Control (ABAC) is a methodology that allows or prohibits a subject (user or process) from performing actions on an object (resource), based on the attributes of the subject and the object. The inherent versatility of ABAC, as opposed to other access control methods such as Role-Based Access Control (RBAC), has opened up a wide range of use cases for it, including but not limited to healthcare, finance, government and military. Of late, more and more organizations are settling on ABAC as their choice of access control scheme. To implement ABAC, standards such as the eXtensible Access Control Markup Language (XACML) and Next-Generation Access Control (NGAC) are typically employed. Though these standards allow organizations to implement an access control scheme that is fine-grained, easily manageable and free of problems such as role explosion, certain bottlenecks still exist in the time taken to evaluate access requests and in the pre-computations performed to prepare the mechanism for answering queries. These issues become apparent only when the number of entities involved in the organization (subjects and objects) begins to scale. Previous works based on NGAC have been proposed that ensure efficient evaluation of access requests. However, their procedures require pre-computations whose time complexity scales rapidly with the growing number of entities and policies. We argue that this implementation can be done better through dexterous use of specific data structures. Our ABAC implementation (using NGAC) not only answers queries in O(1), but also quickens the pre-computation process to practicable levels, thereby making it more suitable for implementation. We also propose secondary contributions: a mechanism to respond to access requests while a policy update is underway, and procedures to enforce policies from a subset of several policy classes.
dc.format.medium: born digital
dc.format.medium: masters theses
dc.identifier: Pagadala_colostate_0053N_16775.pdf
dc.identifier.uri: https://hdl.handle.net/10217/233760
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: 2020-
dc.rights: Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.subject: attribute-based access control
dc.subject: Neo4j
dc.subject: NIST policy machine
dc.subject: graph database
dc.subject: ABAC
dc.subject: next-generation access control
dc.title: Towards efficient implementation of attribute-based access control
dc.type: Text
dcterms.rights.dpla: This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Colorado State University
thesis.degree.level: Masters
thesis.degree.name: Master of Science (M.S.)

Files

Original bundle
Name: Pagadala_colostate_0053N_16775.pdf
Size: 390.9 KB
Format: Adobe Portable Document Format