S-ABAC

From its-wiki.no

Keyword S-ABAC

Wikipedia https://en.wikipedia.org/wiki/Attribute-based_access_control
Related keywords Semantic ABAC, SABAC, ABAC

Role-based access control (RBAC) is the standard for organisations. As a researcher, you have access to certain documents, apps and services, while as a financial advisor you have access to another set of documents, apps and services. However, role-based access implies “once authenticated, you have access”, which is not sufficient for today’s security practice. For example, if someone has stolen your password, they have access to all your files. Semantic Attribute Based Access Control (S-ABAC) adds a new dimension to the control. Not only your password might be requested, but also the network or the IP address used to connect. If S-ABAC requires a connection from a given network or a given location, then the attacker does not get access, even though your password is used correctly.

Semantic Attribute Based Access Control provides the means for different actors to have access to different types of information in a system. The earlier notion of role-based access control (RBAC) is extended, so that "role" is one attribute deciding on the access. As an example, the data of your "heat pump" (energy efficiency) are of interest to a) the house owner, b) the manufacturer, c) the municipalities, d) the maintenance company, e) the person renting the flat, f) the energy distributor. Which data (e.g. statistical) and who has access (attribute: grade of access: monitor, control, configure) might be subject to a security and privacy analysis (attribute: required security level). S-ABAC is seen as a tool to provide this functionality, but needs R&I to become usable in a distributed cloud.
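The two decisions described above, side by side, as an added example that is not code from its-wiki.no or from any S-ABAC implementation: a role-only check and an attribute check for the heat pump. The policy table, the network ranges (documentation address blocks) and the ordering configure > control > monitor are assumptions made for illustration; the small grade hierarchy stands in for the ontology reasoning an S-ABAC engine would perform.

```python
import ipaddress

# Assumed ordering of the page's "grade of access" values (not stated on the page):
# configure implies control, control implies monitor.
GRADE_IMPLIES = {"configure": "control", "control": "monitor", "monitor": None}

def grade_covers(granted, requested):
    """Semantic step: walk the hierarchy to see whether `granted` subsumes `requested`."""
    grade = granted
    while grade is not None:
        if grade == requested:
            return True
        grade = GRADE_IMPLIES.get(grade)
    return False

# Constructed heat-pump policy: role -> highest grade, permitted data, required networks.
POLICY = {
    "house_owner": {"grade": "configure", "data": {"raw", "statistical"},
                    "networks": ["192.0.2.0/24"]},
    "maintenance_company": {"grade": "control", "data": {"raw"},
                            "networks": ["198.51.100.0/24"]},
    "municipality": {"grade": "monitor", "data": {"statistical"},
                     "networks": ["203.0.113.0/24"]},
}

def rbac_decide(request):
    """Role only: once authenticated, a known role grants access."""
    return bool(request["authenticated"] and request["role"] in POLICY)

def sabac_decide(request):
    """Role is one attribute among several; every attribute must match, default deny."""
    rule = POLICY.get(request["role"])
    if not request["authenticated"] or rule is None:
        return False
    try:
        source = ipaddress.ip_address(request.get("source_ip", ""))
    except ValueError:
        return False  # missing or malformed network attribute is a deny
    in_network = any(source in ipaddress.ip_network(n) for n in rule["networks"])
    return (in_network
            and request["data"] in rule["data"]
            and grade_covers(rule["grade"], request["grade"]))

# Constructed requests: a stolen password used from outside the owner's network,
# and the owner reading statistics from home.
STOLEN = {"authenticated": True, "role": "house_owner", "source_ip": "203.0.113.77",
          "grade": "configure", "data": "raw"}
OWNER_HOME = {"authenticated": True, "role": "house_owner", "source_ip": "192.0.2.10",
              "grade": "monitor", "data": "statistical"}
```
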

Potential output

a) Ontologies related to access control for the specific domains; b) a methodology and technology description for how to include semantic specifications, i.e. the above-mentioned ontologies, in the ABAC model; c) a software implementation of an S-ABAC engine that would extend an existing ABAC engine/framework with semantic reasoning tools and ontology editing capabilities. These software components would form the S-ABAC framework and would include components such as a policy definition endpoint and tool including semantic concepts, a policy enforcement point, an attribute management point, etc.

Contains pages with keyword "S-ABAC".

Related information

Title | Author | Date | Keywords
BB24.I and BB26.F and BB26.G (Meeting) | Christian Johansen | 28 September 2020 | S-ABAC, Measurable Security, Privacy

Keywords: Access control, RBAC, ABAC, SABAC