
Rule-Based Approach to Attribute-Based Access Control (FR17_439)


Funded by

SRNSFG: Shota Rustaveli National Science Foundation of Georgia

Start Date: 2017-12-17       End Date: 2020-12-17

Attribute-based access control (ABAC) has been proposed as a highly flexible method for granting access based on the evaluation of attributes (user attributes, resource attributes, environment attributes, etc.). ABAC generalizes the traditional access control models (DAC, MAC, and RBAC) and is considered more flexible, scalable, and secure than those models in dynamic environments where the number of users is very high. On the other hand, the development of ABAC is at an early stage, and there is no agreement on a formal ABAC model. Some recent proposals are the operational models ABACα and ABACβ and the administrative model GURA.

A formal description of access control is extremely important, since it must define unambiguously how rules regulate which actions an entity can perform on a resource, how to guarantee that each request gets an authorization decision, how to ensure consistency, etc. We aim at specifying ABAC operational and administrative models in a formalism that combines the power of conditional rewriting and logic programming and is based on the ρLog calculus. The advantages of such an approach are that rule-based formalisms are expressive and have clean declarative semantics, and that they can be conveniently used for analyzing and proving policy properties, for composing policies, and for answering administrative queries. Besides, there exist various rule-based tools that can be used for rapid prototyping and experimenting.

Project members:

Talks

  • Solving Hedge Regular Language Equations, by Besik Dundua (Speaker), Mircea Marin at IX Annual International Conference of the Georgian Mathematical Union Dedicated to 100th Anniversary of Ivane Javakhishvili Tbilisi State University, 2018, Batumi, Georgia.
  • Rule-Based Techniques in Access Control, by Mikheil Rukhaia (Speaker) at IX Annual International Conference of the Georgian Mathematical Union Dedicated to 100th Anniversary of Ivane Javakhishvili Tbilisi State University, 2018, Batumi, Georgia.
  • Attribute-Based Access Control for Knowledge Representation, by Mikheil Rukhaia (Speaker) at Informatics and Communication Technologies Congress, 2018, Istanbul, Türkiye.
  • Towards Integrating Attribute-Based Access Control into Ontologies, by Mikheil Rukhaia (Speaker), Besik Dundua at IEEE 2nd Ukraine Conference on Electrical and Computer Engineering, 2019, Lviv, Ukraine.
  • Towards Formalization of ABACβ in PρLog, by Mikheil Rukhaia (Speaker) at X Annual International Conference of the Georgian Mathematical Union, 2019, Batumi, Georgia.
  • A Rule-based Approach to the Decidability of Safety of ABACα, by Mircea Marin (Speaker), Temur Kutsia, Besik Dundua at The ACM Symposium on Access Control Models and Technologies (SACMAT 2019), 2019, Toronto, Canada.
  • Specification and Analysis of ABAC Policies in a Rule-Based Framework, by Mircea Marin (Speaker) at The Fourth International Conference on Applications of Mathematics and Informatics in Natural Sciences and Engineering, 2019, Tbilisi, Georgia.
  • Specification and Analysis of ABAC Policies in a Rule-Based Framework, by Mircea Marin (Speaker), Besik Dundua, Temur Kutsia, Mikheil Rukhaia at International Conference on Applications of Mathematics and Informatics in Natural Sciences and Engineering, 2019, Tbilisi, Georgia.
  • A Rule-based System for Computation and Deduction in Mathematica, by Mircea Marin (Speaker), Temur Kutsia, Besik Dundua at International Workshop on Rewriting Logic and its Applications, 2020, Dublin, Ireland.

Publications

  • Besik Dundua, Mikheil Rukhaia, Towards Integrating Attribute-Based Access Control into Ontologies, In IEEE 2nd Ukraine Conference on Electrical and Computer Engineering, pp. 1052-1056, IEEE, 2019.
  • Besik Dundua, Temur Kutsia, Mircea Marin, A Rule-based Approach to the Decidability of Safety of ABACα, In Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, pp. 173-178, Association for Computing Machinery, 2019.
  • Besik Dundua, Temur Kutsia, Mircea Marin, Mikheil Rukhaia, Specification and Analysis of ABAC Policies in a Rule-Based Framework, Springer Proceedings in Mathematics & Statistics, vol 334, pp. 101-116, Springer, 2020.
  • Mircea Marin, Besik Dundua, Temur Kutsia, A Rule-based System for Computation and Deduction in Mathematica, In: Escobar, S., Martí-Oliet, N. (eds) Rewriting Logic and Its Applications. WRLA 2020. Lecture Notes in Computer Science, vol 12328, Springer, 2020.