• Skip to main content
  • Skip to after header navigation
  • Skip to site footer
ERN: Emerging Researchers National Conference in STEM

ERN: Emerging Researchers National Conference in STEM

  • About
    • About AAAS
    • About the NSF
    • About the Conference
    • Partners/Supporters
    • Project Team
  • Conference
  • Abstracts
    • Undergraduate Abstract Locator
    • Graduate Abstract Locator
    • Abstract Submission Process
    • Presentation Schedules
    • Abstract Submission Guidelines
    • Presentation Guidelines
  • Travel Awards
  • Resources
    • Award Winners
    • Code of Conduct-AAAS Meetings
    • Code of Conduct-ERN Conference
    • Conference Agenda
    • Conference Materials
    • Conference Program Books
    • ERN Photo Galleries
    • Events | Opportunities
    • Exhibitor Info
    • HBCU-UP/CREST PI/PD Meeting
    • In the News
    • NSF Harassment Policy
    • Plenary Session Videos
    • Professional Development
    • Science Careers Handbook
    • Additional Resources
    • Archives
  • Engage
    • Webinars
    • ERN 10-Year Anniversary Videos
    • Plenary Session Videos
  • Contact Us
  • Login

Safety and Consistency of Subject Attributes for Attribute-Based Pre-Authorization Models

Graduate #40
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Session: 1
Room: Park Tower 8219

Mehrnoosh Shakarami - University of Texas at San Antonio (UTSA)
Co-Author(s): RAVI SANDHU, University of Texas at San Antonio (UTSA), San Antonio, Texas.



The most common paradigm in Attribute-Based Access Control is pre-authorization, in which an access decision is made only once to be utilized by the policy enforcement point. From the perspective of the decision point, there are several components on basis of which an access decision is made: subject attribute values, object attribute values, environment attribute values and authorization policy. In this paper, we assume that the policy and current values of object and environment attributes are known with high assurance at the policy decision point. This is reasonable since the decision and enforcement points are often co-located with the object’s custodian who is responsible for object attribute values and authorization policy, and shares the environment with the object. Subject attributes, however, are usually collected incrementally from multiple attribute authorities. This incremental assembly along with differing validity periods for subject attribute values, raises the potential for inconsistency of subject attribute values at the decision point.
The problem of such inconsistencies has been previously studied in context of trust negotiation and distributed proof systems [7, 9]. We recast this prior work in context of a system where subjects are not attribute-shy and no negotiation is required to disclose subject attribute values. In this paper, we propose four increasingly powerful consistency levels with strict subset relationship between levels. The highest level limits the exposure of the decision point to obsolete attribute values by taking into account the request time, which is missing in the previous work [9]. We define the formal specification of each consistency level and identify the properties guaranteed by that level. We discuss implication of these consistency levels in different practical scenarios and compare our work with related previous research.

Funder Acknowledgement(s): The research is funded by CREST Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) program, NSF Award 1736209.

Faculty Advisor: Professor Ravi Sandhu, ravi.sandhu@utsa.edu

Role: I did the research under supervision of Professor Ravi Sandhu.

Sidebar

Abstract Locators

  • Undergraduate Abstract Locator
  • Graduate Abstract Locator

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.

AAAS

1200 New York Ave, NW
Washington,DC 20005
202-326-6400
Contact Us
About Us

  • LinkedIn
  • Facebook
  • Instagram
  • Twitter
  • YouTube

The World’s Largest General Scientific Society

Useful Links

  • Membership
  • Careers at AAAS
  • Privacy Policy
  • Terms of Use

Focus Areas

  • Science Education
  • Science Diplomacy
  • Public Engagement
  • Careers in STEM

Focus Areas

  • Shaping Science Policy
  • Advocacy for Evidence
  • R&D Budget Analysis
  • Human Rights, Ethics & Law

© 2023 American Association for the Advancement of Science