Efficient extended ABAC evaluation

Lookup NU author(s): Dr Charles Morisset


Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


© 2018 Association for Computing Machinery. A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies show that the way standard ABAC mechanisms (e.g., XACML) handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all possible ways of extending that query. This method counters attribute-hiding attacks, but a naïve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present an efficient extended ABAC evaluation method that relies on the encoding of ABAC policies as multiple Binary Decision Diagrams (BDDs), and on the specification of query constraints to avoid including the evaluation of queries that do not represent a valid state of the system. We illustrate our approach on two real-world case studies, which would be intractable with the original method and are analyzed in seconds with our method.

Publication metadata

Author(s): Morisset C, Willemse TAC, Zannone N

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (SACMAT'18)

Year of Conference: 2018

Pages: 149-160

Online publication date: 07/06/2018

Acceptance date: 02/04/2018

Publisher: ACM


DOI: 10.1145/3205977.3205980

ISBN: 9781450356664