FABAC: A Flexible Fuzzy Attribute-Based Access Control Mechanism

Attribute-Based Access Control (ABAC) is a promising approach for addressing intricate management requirements in dynamic and distributed environments. Nevertheless, because ABAC lacks a flexible mechanism for handling access exceptions, its rigid rules impair resource availability and, ultimately, working efficiency. In this paper, we propose a novel fuzzy ABAC model (FABAC) that extends ABAC with better usability. We introduce a fuzzy mechanism into the decision-making process. Based on the membership grades of requests to rules and the spare credits of the respective subjects, our framework permits additional requests that fail rule matching, thus enhancing the information flows in business processes. Furthermore, we develop a credit system with a history-based recovery mechanism, wherein a subject’s credits and the corresponding recovery rate are affected by past authorizations of substandard requests, in order to keep the risk of abuse under control. The analysis reveals that our model contributes to attaining a better tradeoff between security and usability.
