UABAC: A Flexible and Scalable ABAC Framework Unifying DAC, MAC, and RBAC
摘要
This paper presents UABAC, a Unified Attribute-Based Access Control framework that aims to flexibly and scalarly integrate traditional access control models, including Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC). We propose a systematic mapping of the fundamental principles of these traditional models into ABAC, ensuring semantic equivalence while maintaining expressiveness. In addition, we introduce the cover of the policy set and inference rules concepts which set the foundation for managing access control rules within ABAC, and support advanced features such as user and object group, delegation, and role inheritance. These extensions enrich policy modeling and enforcement, enabling administrators to reduce manual effort while preserving consistency across diverse access control requirements. By consolidating into a single ABAC-based framework, UABAC addresses the shortcomings of DAC, MAC, and RBAC individually, and mitigates the operational complexity and conflicts arising from using multiple models simultaneously. The proposed framework contributes at the conceptual level, advancing both the theoretical foundation and the practical deployment of unified, attribute-based security management in modern information systems.