Visible to the public Biblio

Filters: Keyword is attribute expansion  [Clear All Filters]
2018-03-05
Biswas, Prosunjit, Sandhu, Ravi, Krishnan, Ram.  2017.  Attribute Transformation for Attribute-Based Access Control. Proceedings of the 2Nd ACM Workshop on Attribute-Based Access Control. :1–8.

In this paper, we introduce the concept of transforming attribute-value assignments from one set to another set. We specify two types of transformations–-attribute reduction and attribute expansion. We distinguish policy attributes from non-policy attributes in that policy attributes are used in authorization policies whereas the latter are not. Attribute reduction is a process of contracting a large set of assignments of non-policy attributes into a possibly smaller set of policy attribute-value assignments. This process is useful for abstracting attributes that are too specific for particular types of objects or users, designing modular authorization policies, and modeling hierarchical policies. On the other hand, attribute expansion is a process of performing a large set of attribute-value assignments to users or objects from a possibly smaller set of assignments. We define a language for specifying mapping for the transformation process. We also identify and discuss various issues that stem from the transformation process.