journal article Jan 02, 2017

Current Research and Open Problems in Attribute-Based Access Control

Abstract
Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption are still in their infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like have been largely ignored or left to future work.
This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works, and potential solutions are discussed.

Metrics
Citations: 208
References: 100

Details
Published: Jan 02, 2017
Vol/Issue: 49(4)
Pages: 1-45

Cite This Article
Daniel Servos, Sylvia L. Osborn (2017). Current Research and Open Problems in Attribute-Based Access Control. ACM Computing Surveys, 49(4), 1-45. https://doi.org/10.1145/3007204