This paper presents UABAC, a Unified Attribute-Based Access Control framework that aims to flexibly and scalarly integrate traditional access control models, including Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC). We propose a systematic mapping of the fundamental principles of these traditional models into ABAC, ensuring semantic equivalence while maintaining expressiveness. In addition, we introduce the cover of the policy set and inference rules concepts which set the foundation for managing access control rules within ABAC, and support advanced features such as user and object group, delegation, and role inheritance. These extensions enrich policy modeling and enforcement, enabling administrators to reduce manual effort while preserving consistency across diverse access control requirements. By consolidating into a single ABAC-based framework, UABAC addresses the shortcomings of DAC, MAC, and RBAC individually, and mitigates the operational complexity and conflicts arising from using multiple models simultaneously. The proposed framework contributes at the conceptual level, advancing both the theoretical foundation and the practical deployment of unified, attribute-based security management in modern information systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

UABAC: A Flexible and Scalable ABAC Framework Unifying DAC, MAC, and RBAC

  • Pham Thi Bach Hue,
  • Minh-Triet Tran

摘要

This paper presents UABAC, a Unified Attribute-Based Access Control framework that aims to flexibly and scalarly integrate traditional access control models, including Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC). We propose a systematic mapping of the fundamental principles of these traditional models into ABAC, ensuring semantic equivalence while maintaining expressiveness. In addition, we introduce the cover of the policy set and inference rules concepts which set the foundation for managing access control rules within ABAC, and support advanced features such as user and object group, delegation, and role inheritance. These extensions enrich policy modeling and enforcement, enabling administrators to reduce manual effort while preserving consistency across diverse access control requirements. By consolidating into a single ABAC-based framework, UABAC addresses the shortcomings of DAC, MAC, and RBAC individually, and mitigates the operational complexity and conflicts arising from using multiple models simultaneously. The proposed framework contributes at the conceptual level, advancing both the theoretical foundation and the practical deployment of unified, attribute-based security management in modern information systems.