Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database

Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Ac...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Computers & security Ročník 86; s. 183 - 205
Hlavní autoři: Singh, Mahendra Pratap, Sural, Shamik, Vaidya, Jaideep, Atluri, Vijayalakshmi
Médium: Journal Article
Jazyk:angličtina
Vydáno: Amsterdam Elsevier Ltd 01.09.2019
Elsevier Sequoia S.A
Témata:
Access
Access control
Attribute Based Access Control
Attributes
Authorization
Data warehouses
Data warehousing
Decision making
Enforcement
Experiments
In-memory database
Memory
Meta-policy
Policies
Security
Specification
Specifications
Unified security policy
Viability
Authorization
Unified security policy
Data warehousing
Attribute Based Access Control
Meta-policy
In-memory database
ISSN:0167-4048, 1872-6208
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
content type line 23
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2019.06.001