PolTree: A Data Structure for Making Efficient Access Decisions in ABAC.

Author information

Nath Ronit, Das Saptarshi, Sural Shamik, Vaidya Jaideep, Atluri Vijay

Affiliations

IIT Kharagpur, India.

Rutgers University, New Jersey, USA.

Publication information

Proc ACM Symp Access Control Model Technol. 2019 Jun;2019:25-35. doi: 10.1145/3322431.3325102.

Abstract

In Attribute-Based Access Control (ABAC), a user is permitted or denied access to an object based on a set of rules (together called an ABAC Policy) specified in terms of the values of attributes of various types of entities, namely, user, object and environment. Efficient evaluation of these rules is therefore essential for ensuring decision making at on-line speed when an access request comes. Sequentially evaluating all the rules in a policy is inherently time consuming and does not scale with the size of the ABAC system or the frequency of access requests. This problem, which is quite pertinent for practical deployment of ABAC, surprisingly has not so far been addressed in the literature. In this paper, we introduce two variants of a tree data structure for representing ABAC policies, which we name as PolTree. In the binary version (B-PolTree), at each node, a decision is taken based on whether a particular attribute-value pair is satisfied or not. The n-ary version (N-PolTree), on the other hand, grows as many branches out of a given node as the total number of possible values for the attribute being checked at that node. An extensive experimental evaluation with diverse data sets shows the scalability and effectiveness of the proposed approach.
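A minimal sketch of the binary-tree idea described in the abstract, added here as an illustration and not the authors' PolTree construction: each node tests one attribute-value pair, so a decision follows a single root-to-leaf path instead of scanning every rule. The sample policy, the attribute names and the "most shared pair first" split heuristic are assumptions, and attributes are taken to be single-valued.

```python
from collections import Counter

# Constructed sample policy: each rule is a set of attribute=value conditions
# over user, object and environment attributes; any satisfied rule permits.
POLICY = [
    {"role": "doctor", "dept": "cardio", "rtype": "record"},
    {"role": "nurse", "dept": "cardio", "rtype": "record", "shift": "day"},
    {"role": "admin", "rtype": "audit"},
]

def sequential(policy, req):
    """Baseline: test every rule in turn until one is fully satisfied."""
    return any(all(req.get(a) == v for a, v in r.items()) for r in policy)

def build(rules):
    """rules: list of frozensets of (attr, value) pairs still to be checked."""
    if any(not r for r in rules):
        return True                      # a rule has no conditions left: permit
    if not rules:
        return False                     # no rule can match any more: deny
    # Heuristic (assumption): split on the pair shared by the most rules.
    pair = Counter(p for r in rules for p in sorted(r)).most_common(1)[0][0]
    attr = pair[0]
    # Pair holds: strip it, and drop rules demanding another value of attr.
    yes = [r - {pair} for r in rules
           if pair in r or all(a != attr for a, _ in r)]
    # Pair fails: only rules that do not require it survive.
    no = [r for r in rules if pair not in r]
    return (pair, build(yes), build(no))

def decide(node, req):
    """Walk one root-to-leaf path; returns (permit?, number of tests made)."""
    checks = 0
    while isinstance(node, tuple):
        (attr, val), yes, no = node
        node = yes if req.get(attr) == val else no
        checks += 1
    return node, checks

TREE = build([frozenset(r.items()) for r in POLICY])

if __name__ == "__main__":
    req = {"role": "nurse", "dept": "cardio", "rtype": "record", "shift": "night"}
    print(sequential(POLICY, req), decide(TREE, req))
```

This construction can duplicate rules across both branches, so tree size may grow quickly on large policies; it shows the lookup behaviour only.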

Similar articles

3
Efficient bottom-up Mining of Attribute Based Access Control Policies.
IEEE Conf Collab Internet Comput. 2017 Oct;2017:339-348. doi: 10.1109/CIC.2017.00051. Epub 2017 Dec 14.
4
Contemporaneous Update and Enforcement of ABAC Policies.
Proc ACM Symp Access Control Model Technol. 2022 Jun;2022:31-42. doi: 10.1145/3532105.3535021. Epub 2022 Jun 8.
5
Security Analysis of ABAC under an Administrative Model.
IET Inf Secur. 2019 Mar;13(2):96-103. doi: 10.1049/iet-ifs.2018.5010. Epub 2018 Oct 23.
10
Enabling Attribute-based Access Control in NoSQL Databases.
IEEE Trans Emerg Top Comput. 2023 Jan-Mar;11(1):208-223. doi: 10.1109/tetc.2022.3193577. Epub 2022 Jul 29.

Cited by

1
Enabling Attribute-based Access Control in NoSQL Databases.
IEEE Trans Emerg Top Comput. 2023 Jan-Mar;11(1):208-223. doi: 10.1109/tetc.2022.3193577. Epub 2022 Jul 29.
