Visible to the public Attribute Transformation for Attribute-Based Access Control

TitleAttribute Transformation for Attribute-Based Access Control
Publication TypeConference Paper
Year of Publication2017
AuthorsBiswas, Prosunjit, Sandhu, Ravi, Krishnan, Ram
Conference NameProceedings of the 2Nd ACM Workshop on Attribute-Based Access Control
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4910-9
Keywordsattribute based access control, attribute expansion, attribute reduction, attribute transformation, attribute-based encryption, Collaboration, Human Behavior, human factors, policy-based governance, pubcrawl, Scalability
Abstract

In this paper, we introduce the concept of transforming attribute-value assignments from one set to another set. We specify two types of transformations--attribute reduction and attribute expansion. We distinguish policy attributes from non-policy attributes in that policy attributes are used in authorization policies whereas the latter are not. Attribute reduction is a process of contracting a large set of assignments of non-policy attributes into a possibly smaller set of policy attribute-value assignments. This process is useful for abstracting attributes that are too specific for particular types of objects or users, designing modular authorization policies, and modeling hierarchical policies. On the other hand, attribute expansion is a process of performing a large set of attribute-value assignments to users or objects from a possibly smaller set of assignments. We define a language for specifying mapping for the transformation process. We also identify and discuss various issues that stem from the transformation process.

URLhttps://dl.acm.org/citation.cfm?doid=3041048.3041052
DOI10.1145/3041048.3041052
Citation Keybiswas_attribute_2017