Browse by author
Lookup NU author(s): Dr Charles Morisset
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
© 2018 Association for Computing Machinery. A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies show that the way standard ABAC mechanisms (e.g., XACML) handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all possible ways of extending that query. This method counters attribute-hiding attacks, but a naïve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present an efficient extended ABAC evaluation method that relies on the encoding of ABAC policies as multiple Binary Decision Diagrams (BDDs), and on the specification of query constraints to avoid including the evaluation of queries that do not represent a valid state of the system. We illustrate our approach on two real-world case studies, which would be intractable with the original method and are analyzed in seconds with our method.
Author(s): Morisset C, Willemse TAC, Zannone N
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (SACMAT'18)
Year of Conference: 2018
Online publication date: 07/06/2018
Acceptance date: 02/04/2018
Library holdings: Search Newcastle University Library for this item