A framework for the extended evaluation of ABAC policies

Charles Morisset, Tim A. C. Willemse, Nicola Zannone (Corresponding author)

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies have shown that the way standard ABAC mechanisms, e.g. based on XACML, handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work has addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all queries that can be obtained by extending the initial query. This method counters attribute-hiding attacks, but a naïve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present a framework for the extended evaluation of ABAC policies. The framework relies on Binary Decision Diagram (BDDs) data structures for the efficient computation of the extended evaluation of ABAC policies. We also introduce the notion of query constraints and attribute value power to avoid evaluating queries that do not represent a valid state of the system and to identify which attribute values should be considered in the computation of the extended evaluation, respectively. We illustrate our framework using three real-world policies, which would be intractable with the original method but which are analyzed in seconds using our framework.
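To make the notion of extended evaluation from the abstract concrete, the following toy model is an added example and not the authors' framework: it uses a constructed two-rule deny-overrides policy with XACML-like handling of missing attributes, and enumerates query extensions by brute force rather than with the BDD-based computation the paper describes. The attribute domains, the rules and the constraint predicate are all assumptions made for illustration.

```python
from itertools import product

# Constructed attribute domains (assumption: finite and known to the evaluator).
DOMAINS = {"role": ("doctor", "nurse"), "status": ("active", "suspended")}


def evaluate(query):
    """Standard deny-overrides evaluation of a constructed two-rule policy.
    As in XACML, a rule whose attribute is missing from the query is NotApplicable,
    which is what lets a subject hide an unfavourable attribute."""
    decisions = []
    # Rule 1: suspended subjects are denied.
    if "status" in query:
        decisions.append("deny" if query["status"] == "suspended" else "not_applicable")
    # Rule 2: doctors are permitted.
    if "role" in query:
        decisions.append("permit" if query["role"] == "doctor" else "not_applicable")
    if "deny" in decisions:
        return "deny"
    if "permit" in decisions:
        return "permit"
    return "not_applicable"


def extensions(query, domains):
    """Yield every query obtained by assigning each missing attribute a domain value."""
    missing = [a for a in domains if a not in query]
    for values in product(*(domains[a] for a in missing)):
        yield {**query, **dict(zip(missing, values))}


def extended_evaluate(query, domains, constraint=lambda q: True):
    """Extended evaluation: permit only if every valid extension of the query permits.
    `constraint` plays the role of a query constraint, pruning extensions that do not
    represent a valid state of the system (this brute-force loop is exponential in the
    number of missing attributes, which is the intractability the paper addresses)."""
    results = {evaluate(q) for q in extensions(query, domains) if constraint(q)}
    if results == {"permit"}:
        return "permit"
    if "deny" in results:
        return "deny"
    return "not_applicable"


if __name__ == "__main__":
    full = {"role": "doctor", "status": "suspended"}
    hidden = {"role": "doctor"}  # same subject, 'status' withheld
    print(evaluate(full), evaluate(hidden))             # deny permit
    print(extended_evaluate(hidden, DOMAINS))           # deny
```

Running the block shows the attribute-hiding effect under standard evaluation (withholding `status` turns a deny into a permit) and how extended evaluation closes it by considering the extension in which the hidden attribute is `suspended`.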
Original language: English
Article number: 6
Number of pages: 21
Journal: Cybersecurity
Volume: 2
Issue number: 1
DOIs: 10.1186/s42400-019-0024-0
Publication status: Published - 2019

Fingerprint

Access control
Binary decision diagrams
Data structures

Cite this

@article{f49c93f469714f7eb8bfff6c9b7246a2,
title = "A framework for the extended evaluation of ABAC policies",
abstract = "A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies have shown that the way standard ABAC mechanisms, e.g. based on XACML, handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work has addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all queries that can be obtained by extending the initial query. This method counters attribute-hiding attacks, but a na{\"i}ve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present a framework for the extended evaluation of ABAC policies. The framework relies on Binary Decision Diagram (BDDs) data structures for the efficient computation of the extended evaluation of ABAC policies. We also introduce the notion of query constraints and attribute value power to avoid evaluating queries that do not represent a valid state of the system and to identify which attribute values should be considered in the computation of the extended evaluation, respectively. We illustrate our framework using three real-world policies, which would be intractable with the original method but which are analyzed in seconds using our framework.",
author = "Charles Morisset and Willemse, {Tim A. C.} and Nicola Zannone",
year = "2019",
doi = "10.1186/s42400-019-0024-0",
language = "English",
volume = "2",
journal = "Cybersecurity",
issn = "2523-3246",
publisher = "Springer",
number = "1",
}

A framework for the extended evaluation of ABAC policies. / Morisset, Charles; Willemse, Tim A. C.; Zannone, Nicola (Corresponding author).

In: Cybersecurity, Vol. 2, No. 1, 6, 2019.

TY  - JOUR
T1  - A framework for the extended evaluation of ABAC policies
AU  - Morisset, Charles
AU  - Willemse, Tim A. C.
AU  - Zannone, Nicola
PY  - 2019
Y1  - 2019
N2  - A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies have shown that the way standard ABAC mechanisms, e.g. based on XACML, handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work has addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all queries that can be obtained by extending the initial query. This method counters attribute-hiding attacks, but a naïve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present a framework for the extended evaluation of ABAC policies. The framework relies on Binary Decision Diagram (BDDs) data structures for the efficient computation of the extended evaluation of ABAC policies. We also introduce the notion of query constraints and attribute value power to avoid evaluating queries that do not represent a valid state of the system and to identify which attribute values should be considered in the computation of the extended evaluation, respectively. We illustrate our framework using three real-world policies, which would be intractable with the original method but which are analyzed in seconds using our framework.
AB  - A main challenge of attribute-based access control (ABAC) is the handling of missing information. Several studies have shown that the way standard ABAC mechanisms, e.g. based on XACML, handle missing information is flawed, making ABAC policies vulnerable to attribute-hiding attacks. Recent work has addressed the problem of missing information in ABAC by introducing the notion of extended evaluation, where the evaluation of a query considers all queries that can be obtained by extending the initial query. This method counters attribute-hiding attacks, but a naïve implementation is intractable, as it requires an evaluation of the whole query space. In this paper, we present a framework for the extended evaluation of ABAC policies. The framework relies on Binary Decision Diagram (BDDs) data structures for the efficient computation of the extended evaluation of ABAC policies. We also introduce the notion of query constraints and attribute value power to avoid evaluating queries that do not represent a valid state of the system and to identify which attribute values should be considered in the computation of the extended evaluation, respectively. We illustrate our framework using three real-world policies, which would be intractable with the original method but which are analyzed in seconds using our framework.
U2  - 10.1186/s42400-019-0024-0
DO  - 10.1186/s42400-019-0024-0
M3  - Article
VL  - 2
JO  - Cybersecurity
JF  - Cybersecurity
SN  - 2523-3246
IS  - 1
M1  - 6
ER  -