Attribute Transformation for Attribute-Based Access Control
| Title | Attribute Transformation for Attribute-Based Access Control |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Biswas, Prosunjit, Sandhu, Ravi, Krishnan, Ram |
| Conference Name | Proceedings of the 2Nd ACM Workshop on Attribute-Based Access Control |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4910-9 |
| Keywords | attribute based access control, attribute expansion, attribute reduction, attribute transformation, attribute-based encryption, Collaboration, Human Behavior, human factors, policy-based governance, pubcrawl, Scalability |
| Abstract | In this paper, we introduce the concept of transforming attribute-value assignments from one set to another set. We specify two types of transformations--attribute reduction and attribute expansion. We distinguish policy attributes from non-policy attributes in that policy attributes are used in authorization policies whereas the latter are not. Attribute reduction is a process of contracting a large set of assignments of non-policy attributes into a possibly smaller set of policy attribute-value assignments. This process is useful for abstracting attributes that are too specific for particular types of objects or users, designing modular authorization policies, and modeling hierarchical policies. On the other hand, attribute expansion is a process of performing a large set of attribute-value assignments to users or objects from a possibly smaller set of assignments. We define a language for specifying mapping for the transformation process. We also identify and discuss various issues that stem from the transformation process. |
| URL | https://dl.acm.org/citation.cfm?doid=3041048.3041052 |
| DOI | 10.1145/3041048.3041052 |
| Citation Key | biswas_attribute_2017 |