國立虎尾科技大學 |

Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models.

Record Type:	Language materials, manuscript : Monograph/item
Title/Author:	Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models./
Author:	Ahmed, Tahmina.
Description:	1 online resource (137 pages)
Notes:	Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.
Subject:	Computer science. -
Online resource:	click for full text (PQDT)
ISBN:	9780355534399

Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models.
Ahmed, Tahmina.

Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models. - 1 online resource (137 pages)

Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.

Thesis (Ph.D.)--The University of Texas at San Antonio, 2017.

Includes bibliographical references

For the last few years Attribute Based Access Control (ABAC) has been emerging as the next dominant form of access control. According to a 2014 NIST special publication, "ABAC enables more precise access control model as it can consider numerous attributes in authorization decision." ABAC can unify the advantages of the traditional discretionary, mandatory and role-based access control models by using appropriate attributes, while going beyond the capabilities of these. ABAC has become recognized as a model expressive enough to define finer-grained and flexible authorization policies suitable for modern application domains such cloud computing and Internet of Things. Meanwhile, in recent years, various online social network (OSN) applications such as Facebook, Twitter and LinkedIn have become widely used. In OSNs, authorization for users' access to specific content is typically based on the interpersonal relationships between the accessing user and content owner. Recently ReBAC has been expanded to cover systems beyond OSNs. Efforts to combine ReBAC and ABAC have also been published.

Electronic reproduction.
Ann Arbor, Mich. :
ProQuest,
2018

Mode of access: World Wide Web

ISBN: 9780355534399Subjects--Topical Terms:

573171
Computer science.
Index Terms--Genre/Form:

554714
Electronic books.

Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models.
LDR:04764ntm a2200361K 4500 001 914177
005 20180703084423.5
006 m o u
007 cr mn||||a|a||
008 190606s2017 xx obm 000 0 eng d
020 $a 9780355534399
035 $a (MiAaPQ)AAI10686276
035 $a (MiAaPQ)utsa:12471
035 $a AAI10686276
040 $a MiAaPQ $b eng $c MiAaPQ
100 1 $a Ahmed, Tahmina. $3 1187310
245 1 0 $a Expressive Power, Safety and Cloud Implementation of Attribute and Relationship Based Access Control Models.
264 0 $c 2017
300 $a 1 online resource (137 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.
500 $a Adviser: Ravi Sandhu.
502 $a Thesis (Ph.D.)--The University of Texas at San Antonio, 2017.
504 $a Includes bibliographical references
520 $a For the last few years Attribute Based Access Control (ABAC) has been emerging as the next dominant form of access control. According to a 2014 NIST special publication, "ABAC enables more precise access control model as it can consider numerous attributes in authorization decision." ABAC can unify the advantages of the traditional discretionary, mandatory and role-based access control models by using appropriate attributes, while going beyond the capabilities of these. ABAC has become recognized as a model expressive enough to define finer-grained and flexible authorization policies suitable for modern application domains such cloud computing and Internet of Things. Meanwhile, in recent years, various online social network (OSN) applications such as Facebook, Twitter and LinkedIn have become widely used. In OSNs, authorization for users' access to specific content is typically based on the interpersonal relationships between the accessing user and content owner. Recently ReBAC has been expanded to cover systems beyond OSNs. Efforts to combine ReBAC and ABAC have also been published.
520 $a This dissertation makes fundamental contributions to our understanding of ABAC and ReBAC from three perspectives. Firstly, it clarifies and resolves conflicting claims in the literature regarding the expressive power of ABAC and ReBAC. It has been argued, on one hand, that attributes can encode relationships so ABAC subsumes ReBAC. On the other hand, it has been claimed that the multilevel or composed relations of ReBAC (such as friend of friend) bring fundamentally new capabilities. This dissertation develops separate classifications of ABAC and ReBAC models with respect to salient structural and dynamic properties. It shows the equivalence, dominance or non-comparability of the expressive power of various model classes in these classifications. The results of this analysis show that ABAC and ReBAC, when defined with sufficient generality, are equivalent in expressive power. For less general forms of ABAC and ReBAC the relative expressive power depends strongly on the details of the respective models.
520 $a Secondly, this dissertation analyzes the safety and expressive power of an existing ABAC model, viz. ABACalpha. ABACalpha is designed with just sufficient capabilities to configure commonly used forms of discretionary, mandatory and role-based access control. In particular ABACalpha restricts attribute values to be from finite fixed domains. The safety analysis of ABACalpha is shown to be decidable by providing a reduction from ABACalpha to safety decidable UCON (finite)/(preA) with finite attribute domain, which is a structurally different ABAC model with finite fixed domains. Two enhanced versions of ABACalpha are defined. One of these is shown to be equivalent in expressive power to UCON (finite)/(preA) with finite attribute domain. The other is shown to have undecidable safety and thus expressive power beyond UCON (finite)/(preA) with finite attribute domain. The question of whether ABACalpha is strictly less expressive than UCON (finite)/(preA) with finite attribute domain or equivalent to it, is left open.
520 $a Finally, the dissertation introduces a novel form of ReBAC model (OOReBAC) considering object-to-object relationship independent of users to control access of resources. A proof-of-concept implementation of OOReBAC for multicloud resource sharing using the open source OpenStack cloud platform and specifically its Swift object storage service is provided.
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2018
538 $a Mode of access: World Wide Web
650 4 $a Computer science. $3 573171
650 4 $a Information technology. $3 559429
655 7 $a Electronic books. $2 local $3 554714
690 $a 0984
690 $a 0489
710 2 $a ProQuest Information and Learning Co. $3 1178819
710 2 $a The University of Texas at San Antonio. $b Computer Science. $3 1187311
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10686276 $z click for full text (PQDT)