Towards efficient implementation of attribute-based access control
| dc.contributor.author | Pagadala, Vignesh M., author | |
| dc.contributor.author | Ray, Indrakshi, advisor | |
| dc.contributor.author | Ray, Indrajit, committee member | |
| dc.contributor.author | Anderson, Charles, committee member | |
| dc.contributor.author | Vijayasarathy, Leo, committee member | |
| dc.date.accessioned | 2021-09-06T10:25:17Z | |
| dc.date.available | 2021-09-06T10:25:17Z | |
| dc.date.issued | 2021 | |
| dc.description.abstract | Attribute-Based Access Control (ABAC) is a methodology which allows or prohibits a subject (user or process) from performing actions on an object (resource), based upon the attributes of the subject and the object. The inherent versatility of ABAC, as opposed to other access control methods such as Role-Based Access Control (RBAC), has ensured the availability of a wide range of use-cases for applying the same, including but not limited to, healthcare, finance, government and military. Of late, more and more organizations are settling for ABAC as their choice of access control scheme. In order to implement ABAC, standards such as the eXtensible Access Control Markup Language (XACML) and Next-Generation Access Control (NGAC) are typically employed. Though these standards allow organizations to implement an access control scheme which is fine-grained, easily manageable and devoid of problems such as role explosions, certain bottlenecks still exist in terms of the time taken to evaluate access requests, and pre-computations being performed to prepare the mechanism for answering queries. These issues become apparent only when the number of entities involved in the organization (subjects and objects) begin to scale. Previous works based on NGAC have been proposed, which manage to ensure efficient evaluation of access requests. However, the procedures outline the need to perform pre-computations, whose time complexity scales rapidly with respect to growing number of entities and policies. We argue that this implementation can be done better, by dexterous use of specific data-structures. Our ABAC implementation (using NGAC) not only answers queries in O(1), but also quickens the pre-computation process to practicable levels, thereby making this more suitable for implementation. We also propose secondary contributions - a mechanism to respond to access requests while a policy update is underway, and procedures to enforce policies from a subset of several policy classes. | |
| dc.format.medium | born digital | |
| dc.format.medium | masters theses | |
| dc.identifier | Pagadala_colostate_0053N_16775.pdf | |
| dc.identifier.uri | https://hdl.handle.net/10217/233760 | |
| dc.language | English | |
| dc.language.iso | eng | |
| dc.publisher | Colorado State University. Libraries | |
| dc.relation.ispartof | 2020- | |
| dc.rights | Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright. | |
| dc.subject | attribute-based access control | |
| dc.subject | Neo4j | |
| dc.subject | NIST policy machine | |
| dc.subject | graph database | |
| dc.subject | ABAC | |
| dc.subject | next-generation access control | |
| dc.title | Towards efficient implementation of attribute-based access control | |
| dc.type | Text | |
| dcterms.rights.dpla | This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | Colorado State University | |
| thesis.degree.level | Masters | |
| thesis.degree.name | Master of Science (M.S.) |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Pagadala_colostate_0053N_16775.pdf
- Size:
- 390.9 KB
- Format:
- Adobe Portable Document Format