Authorization Recycling in Attribute-Based Access Control
In most access control scenarios, the communication between the PDP (policy decision point) and the PEP (policy enforcement point) can cause high authorization overhead. Authorization recycling enables PEP to use the previous access control decisions fetched from the PDP to handle some upcoming acce...
Saved in:
| Published in | Wireless communications and mobile computing Vol. 2023; pp. 1 - 20 |
|---|---|
| Main Authors | , |
| Format | Journal Article |
| Language | English |
| Published |
Oxford
Hindawi
2023
John Wiley & Sons, Inc |
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | In most access control scenarios, the communication between the PDP (policy decision point) and the PEP (policy enforcement point) can cause high authorization overhead. Authorization recycling enables PEP to use the previous access control decisions fetched from the PDP to handle some upcoming access control requests, reduce authorization costs, and increase the efficiency of access control decision-making. Inspired by the RBAC (role-based access control) authorization recycling mechanism, this article first presents an ABAC (attribute-based access control) model based on Boolean expressions of subject and object attributes. It then proposes an authorization recycling approach for this model. In this approach, we provide construction and update methods for authorization data caches and access control decision-making rules for SDP (secondary decision point) by using the caches. The proposed approach can deduce precise and approximate access control decisions from the cache of authorization data, reducing communication between the PEP and the PDP. Finally, the feasibility of the proposed method is verified by conducting a small-scale test. ABAC, SDP, authorization recycling, and authorization caching. |
|---|---|
| AbstractList | In most access control scenarios, the communication between the PDP (policy decision point) and the PEP (policy enforcement point) can cause high authorization overhead. Authorization recycling enables PEP to use the previous access control decisions fetched from the PDP to handle some upcoming access control requests, reduce authorization costs, and increase the efficiency of access control decision-making. Inspired by the RBAC (role-based access control) authorization recycling mechanism, this article first presents an ABAC (attribute-based access control) model based on Boolean expressions of subject and object attributes. It then proposes an authorization recycling approach for this model. In this approach, we provide construction and update methods for authorization data caches and access control decision-making rules for SDP (secondary decision point) by using the caches. The proposed approach can deduce precise and approximate access control decisions from the cache of authorization data, reducing communication between the PEP and the PDP. Finally, the feasibility of the proposed method is verified by conducting a small-scale test. ABAC, SDP, authorization recycling, and authorization caching. |
| Author | Helil, Nurmamat An, Yan |
| Author_xml | – sequence: 1 givenname: Yan orcidid: 0009-0006-2880-319X surname: An fullname: An, Yan organization: College of Mathematics and System ScienceXinjiang UniversityUrumqiChinaxju.edu.cn – sequence: 2 givenname: Nurmamat orcidid: 0000-0001-9215-8638 surname: Helil fullname: Helil, Nurmamat organization: College of Mathematics and System ScienceXinjiang UniversityUrumqiChinaxju.edu.cn |
| BookMark | eNp9kEtLAzEUhYNUsK3u_AEDLnXszTuzHIsvKAii6yGTSW1KTWqSQeqvd0qLS1f3LD7OuXwTNPLBW4QuMdxizPmMAKEzJhiTUp2gMeYUSiWkHP1lUZ2hSUprAKBA8BhVdZ9XIbofnV3wxas1O7Nx_qNwvqhzjq7tsy3vdLJdURtjUyrmwecYNufodKk3yV4c7xS9P9y_zZ_Kxcvj87xelIZApUpBSStAKaCstVQrKqnCWoGxtNNMUA1gDTVSCd6SrmOUiYpKDILb4UfK6RRdHXq3MXz1NuVmHfroh8mGKMI4lxLwQN0cKBNDStEum210nzruGgzNXk6zl9Mc5Qz49QFfOd_pb_c__QsbwGKb |
| Cites_doi | 10.3390/sym12061050 10.1109/TII.2020.3022759 10.1145/762476.762479 10.3837/tiis.2021.09.011 10.1145/775265.775268 10.1145/1146269.1146285 10.1109/TPDS.2008.80 10.1145/1102120.1102142 10.1145/1133058.1133075 10.1145/501978.501980 10.1109/skg49510.2019.00036 10.1145/3041048.3041051 10.6028/nist.sp.800-162 10.1109/TSC.2020.3025993 10.1145/3205977.3205988 10.1109/35.312842 10.1145/1952982.1952985 10.1145/168588.168605 10.1109/ispa.2008.126 10.1145/3292006.3300048 10.1016/j.comnet.2018.01.034 10.1109/SP.2007.11 10.3724/SP.J.1001.2009.00403 |
| ContentType | Journal Article |
| Copyright | Copyright © 2023 Yan An and Nurmamat Helil. Copyright © 2023 Yan An and Nurmamat Helil. This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| Copyright_xml | – notice: Copyright © 2023 Yan An and Nurmamat Helil. – notice: Copyright © 2023 Yan An and Nurmamat Helil. This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| DBID | RHU RHW RHX AAYXX CITATION 7SC 7SP 7XB 8FD 8FE 8FG ABUWG AFKRA ARAPS AZQEC BENPR BGLVJ CCPQU DWQXO GNUQQ HCIFZ JQ2 K7- L7M L~C L~D M0N P5Z P62 PHGZM PHGZT PIMPY PKEHL PQEST PQGLB PQQKQ PQUKI Q9U |
| DOI | 10.1155/2023/4644778 |
| DatabaseName | Hindawi Publishing Complete Hindawi Publishing Subscription Journals Hindawi Publishing Open Access CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts ProQuest Central (purchase pre-March 2016) Technology Research Database ProQuest SciTech Collection ProQuest Technology Collection ProQuest Central (Alumni) ProQuest Central UK/Ireland Advanced Technologies & Aerospace Collection ProQuest Central Essentials ProQuest Central Technology Collection ProQuest One ProQuest Central ProQuest Central Student SciTech Premium Collection ProQuest Computer Science Collection Computer Science Database Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional Computing Database Advanced Technologies & Aerospace Database ProQuest Advanced Technologies & Aerospace Collection ProQuest Central Premium ProQuest One Academic Publicly Available Content Database ProQuest One Academic Middle East (New) ProQuest One Academic Eastern Edition (DO NOT USE) ProQuest One Applied & Life Sciences ProQuest One Academic ProQuest One Academic UKI Edition ProQuest Central Basic |
| DatabaseTitle | CrossRef Publicly Available Content Database Computer Science Database ProQuest Central Student Technology Collection Technology Research Database Computer and Information Systems Abstracts – Academic ProQuest One Academic Middle East (New) ProQuest Advanced Technologies & Aerospace Collection ProQuest Central Essentials ProQuest Computer Science Collection Computer and Information Systems Abstracts ProQuest Central (Alumni Edition) SciTech Premium Collection ProQuest One Community College ProQuest Central ProQuest One Applied & Life Sciences ProQuest Central Korea ProQuest Central (New) Advanced Technologies Database with Aerospace Advanced Technologies & Aerospace Collection ProQuest Computing ProQuest Central Basic ProQuest One Academic Eastern Edition Electronics & Communications Abstracts ProQuest Technology Collection ProQuest SciTech Collection Computer and Information Systems Abstracts Professional Advanced Technologies & Aerospace Database ProQuest One Academic UKI Edition ProQuest One Academic ProQuest One Academic (New) |
| DatabaseTitleList | Publicly Available Content Database CrossRef |
| Database_xml | – sequence: 1 dbid: RHX name: Hindawi Publishing Open Access url: http://www.hindawi.com/journals/ sourceTypes: Publisher – sequence: 2 dbid: 8FG name: ProQuest Technology Collection url: https://search.proquest.com/technologycollection1 sourceTypes: Aggregation Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 1530-8677 |
| Editor | Al-Khafaji, Hamza Mohammed Ridha |
| Editor_xml | – sequence: 1 givenname: Hamza Mohammed Ridha surname: Al-Khafaji fullname: Al-Khafaji, Hamza Mohammed Ridha |
| EndPage | 20 |
| ExternalDocumentID | 10_1155_2023_4644778 |
| GrantInformation_xml | – fundername: National Natural Science Foundation of China grantid: 61562085; 61862059 |
| GroupedDBID | .3N .4S .DC .GA 05W 0R~ 123 1L6 1OC 33P 3SF 3WU 4.4 4ZD 50Y 50Z 52M 52O 52T 52U 52W 66C 6OB 702 7PT 8-0 8-1 8-3 8-4 8-5 8UM 930 A03 AAESR AAFWJ AAJEY AAONW ABIJN ABPVW ACGFO ADBBV ADIZJ AENEX AEUQT AFBPY AFKRA AIAGR AJXKR ALAGY ALMA_UNASSIGNED_HOLDINGS AMBMR ARAPS ARCSS ASPBG ATUGU AVWKF AZBYB AZQEC AZVAB BAFTC BCNDV BENPR BGLVJ BHBCM BNHUX BROTX BRXPI CCPQU CS3 D-E D-F DPXWK DR2 DU5 DWQXO EBS EDO F00 F01 F04 F21 G-S G.N GNP GNUQQ GODZA GROUPED_DOAJ H.T H.X HCIFZ HZ~ I-F IAO ITC ITG ITH IX1 JPC K7- KQQ LAW LITHE LP6 LP7 M0N MK4 MY~ N04 N05 NF~ O66 O9- OIG OK1 P2P P2W P2X P4D PIMPY Q.N QB0 QRW R.K RHU RHW RHX RWI RX1 RYL SUPJJ TUS UB1 W8V W99 WBKPD WIH WLBEL XPP XV2 ~IA ~WT 24P AAYXX ACCMX CITATION H13 PHGZM PHGZT 7SC 7SP 7XB 8FD 8FE 8FG AAMMB ABUWG AEFGJ AGXDD AIDQK AIDYY JQ2 L7M L~C L~D P62 PKEHL PQEST PQGLB PQQKQ PQUKI Q9U |
| ID | FETCH-LOGICAL-c2098-632b6088034be3a837381a80ce3da463a00ec3c7865b2dd43469371065e003353 |
| IEDL.DBID | BENPR |
| ISSN | 1530-8669 |
| IngestDate | Fri Jul 25 09:28:30 EDT 2025 Tue Jul 01 04:02:42 EDT 2025 Sun Jun 02 19:19:16 EDT 2024 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| License | This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. https://creativecommons.org/licenses/by/4.0 |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c2098-632b6088034be3a837381a80ce3da463a00ec3c7865b2dd43469371065e003353 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0000-0001-9215-8638 0009-0006-2880-319X |
| OpenAccessLink | https://www.proquest.com/docview/2824557701?pq-origsite=%requestingapplication% |
| PQID | 2824557701 |
| PQPubID | 2034344 |
| PageCount | 20 |
| ParticipantIDs | proquest_journals_2824557701 crossref_primary_10_1155_2023_4644778 hindawi_primary_10_1155_2023_4644778 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2023-00-00 |
| PublicationDateYYYYMMDD | 2023-01-01 |
| PublicationDate_xml | – year: 2023 text: 2023-00-00 |
| PublicationDecade | 2020 |
| PublicationPlace | Oxford |
| PublicationPlace_xml | – name: Oxford |
| PublicationTitle | Wireless communications and mobile computing |
| PublicationYear | 2023 |
| Publisher | Hindawi John Wiley & Sons, Inc |
| Publisher_xml | – name: Hindawi – name: John Wiley & Sons, Inc |
| References | 22 23 OASIS (27) 2017 26 29 S. Reeja (16) 2012; 2 30 32 11 C. Liu (28) 2020 12 13 K. Ge (24) 2008; 24 14 15 17 18 19 K. Beznosov (10) 2005 X. F. Li (31) 2008; 29 L. Karijmi (9) 2021 1 2 4 5 6 7 D. Bell (3) 1973; 4 8 Z. C. Zhong (25) 2020 20 21 |
| References_xml | – ident: 5 doi: 10.3390/sym12061050 – ident: 7 doi: 10.1109/TII.2020.3022759 – ident: 11 doi: 10.1145/762476.762479 – ident: 30 doi: 10.3837/tiis.2021.09.011 – ident: 2 doi: 10.1145/775265.775268 – ident: 13 doi: 10.1145/1146269.1146285 – ident: 32 doi: 10.1109/TPDS.2008.80 – ident: 12 doi: 10.1145/1102120.1102142 – ident: 14 doi: 10.1145/1133058.1133075 – ident: 4 doi: 10.1145/501978.501980 – ident: 18 doi: 10.1109/skg49510.2019.00036 – ident: 20 doi: 10.1145/3041048.3041051 – volume: 4 start-page: 229 year: 1973 ident: 3 article-title: Secure computer systems: a mathematical model publication-title: The MITRE Corporation – year: 2021 ident: 9 article-title: Adaptive ABAC policy learning: a reinforcement learning approach – ident: 26 doi: 10.6028/nist.sp.800-162 – ident: 8 doi: 10.1109/TSC.2020.3025993 – ident: 19 doi: 10.1145/3205977.3205988 – ident: 1 doi: 10.1109/35.312842 – ident: 15 doi: 10.1145/1952982.1952985 – ident: 29 doi: 10.1145/168588.168605 – ident: 17 doi: 10.1109/ispa.2008.126 – volume: 24 start-page: 7 issue: 33 year: 2008 ident: 24 article-title: Research on the policy definition in the attribute based access control publication-title: Microcomputer Information – ident: 6 doi: 10.1145/3292006.3300048 – volume-title: Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM). year: 2005 ident: 10 – volume: 29 start-page: 90 issue: 4 year: 2008 ident: 31 article-title: Model for attribute based access control publication-title: Journal of Communications – volume: 2 start-page: 444 issue: 10 year: 2012 ident: 16 article-title: Role based access control mechanism in cloud computing using cooperative secondary authorization recycling method publication-title: International Journal of Emerging Technology and Advanced Engineering – year: 2017 ident: 27 article-title: The eXtensible access control markup language (XACML), version 3.0 plus errata 01, OASIS standard incorporating approved errata – ident: 22 doi: 10.1016/j.comnet.2018.01.034 – volume-title: Research on Conflict Detection and Resolution Method of ABAC Security Policy year: 2020 ident: 28 – volume-title: Research on Security Policy Optimization in Attribute-Based Access Control year: 2020 ident: 25 – ident: 21 doi: 10.1109/SP.2007.11 – ident: 23 doi: 10.3724/SP.J.1001.2009.00403 |
| SSID | ssj0003021 |
| Score | 2.3149908 |
| Snippet | In most access control scenarios, the communication between the PDP (policy decision point) and the PEP (policy enforcement point) can cause high authorization... |
| SourceID | proquest crossref hindawi |
| SourceType | Aggregation Database Index Database Publisher |
| StartPage | 1 |
| SubjectTerms | Access control Boolean Decision making Gender Recycling |
| SummonAdditionalLinks | – databaseName: Hindawi Publishing Open Access dbid: RHX link: http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3LSgMxFA22IOhCfGK1ShZ1GczknWUtliLoykJ3Q16j3UylVsS_N5lJRe1Cl2Eyszh5nHsyuecCMKBeO6eZRIw4gZgJBTIV08hWkb2dN5VqHG_uH8Rkyu5mfJZNkl43f-FHtkvynF6zyNtSqg7oxAmWRPlk9rXhUkyyLSpGSgi9vt_-690fzLP9nCTv-3xjC254ZbwP9nJACIftCB6ArVAfgt1vNoFHQKdzrMUyZ0zCGOl9pITGJziv4XDVlqwK6CbykYfDpgAiHLU30I_BdHz7OJqgXPIAOZKcPQUlVsSFjymzgRqVfIcKo7AL1BsmqME4OOqkEtwS7xmN6pbGIEHwkKqycXoCuvWiDqcA6sJjR2Sk92CZwZUhVodKiaKKT4oge-BqDUf50jpblI0i4LxMsJUZth4YZKz-6NZfA1nmZfBaRj3HOJcSF2f_-8o52EnN9oyjD7qr5Vu4iKy_spfNmH8CWTuhzA priority: 102 providerName: Hindawi Publishing |
| Title | Authorization Recycling in Attribute-Based Access Control |
| URI | https://dx.doi.org/10.1155/2023/4644778 https://www.proquest.com/docview/2824557701 |
| Volume | 2023 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwhV1bS8MwFA5uQ9AH8YrTOfowH8PS3Jo-yTY3h-CQ4WBvJU1S3Us33UT89yZtqgNBXwolpZRzyHcuPfk-ADpEx0rFNIIUKw6pNCGUGY1hmtnorbTMRMF48zDh4xm9n7O5b7it_VhlhYkFUOulcj3yri0NKGNRhMKb1St0qlHu76qX0KiBhoVgIeqg0R9OHqffWEwQ9oypCArO42r0nTFX9ZMutelA5CTWtoLS7ourhj8Wv9C5CDmjQ3Dgc8WgVzr3COyY_BjsbzEInoDYtbjsZ5aHKQObBH66s47PwSIPeptSzcrAvg1VOugV2ojBoBxOPwWz0fBpMIZeDQEq7Eg_OcEpt5iACE0NkcJREoVSIGWIlpQTiZBRREWCsxRrTYktfInNHzgzTrCNkTNQz5e5OQdBHGqkcGQjv0mpRJnEaWwywcPMroQmaoLryhzJqiS9SIpigbHEmS3xZmuCjrfVP4-1KkMmfoeskx9_Xvy9fAn23MvKtkcL1Ddv7-bKJgKbtA1qYnTX9j63d7dTbK_T8fwLOtiwQw |
| linkProvider | ProQuest |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1LTwIxEG4IxqgH4zOiqD3AsaHb1-4ejEEUQR4nSLit3W5XuQAKhvCn_I22-1ASEz1xbrOHr9P5ZmY78wFQoZGvlM9cxIgSiEntIBkzH4WxYW8VydhLJt70-qI1ZE8jPiqAz7wXxj6rzH1i4qijqbI18ppJDRjnroud29kbsqpR9u9qLqGRmkVHr5YmZZvftO_N-VYJaT4MGi2UqQogRezwTEFJKMzdwpSFmkrPjvZxpIeVppFkgkqMtaLK9QQPSRQxahJIanhYcG2Fz6xKhHH5W4waJred6c3Hb89PMcnms2LkCeHnD-05tzUGWmMm-HCtoNsaBW6_2tx7Of7FBQnBNQ_AfhaZwnpqSoegoCdHYG9tXuEx8G1BzYCStm5CE3KubGflCxxPYH2RamdpdGeIMYL1RIkRNtKn8CdguBGUTkFxMp3oMwB9J8KKuCbO0CGTOJYk9HXsCSc2K452S6CawxHM0hEbQZKacB5Y2IIMthKoZFj9s62cAxlk93Ee_FjP-d_L12CnNeh1g26737kAu_bDacGlDIqL9w99aUKQRXiVnDsEz5s2tC9m--Vf |
| linkToPdf | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1LSwMxEB6kRdGD-MRq1Rz0GJrNc_cg0lZL66OIKHhbs9ms9tL6qIh_zV9nsg8VBD15TtjDl8l8M7OT-QD2WBoZE3GFOTUSc20DrDMe4SRz7G1SnYX5xJvzoexf85MbcTMD79VbGN9WWfnE3FGnE-Nr5C2XGnAhlCJBKyvbIi6OeocPj9grSPk_rZWcRmEip_bt1aVvzweDI3fW-5T2jq-6fVwqDGBD_SBNyWgi3T0jjCeW6dCP-Ql0SIxlqeaSaUKsYUaFUiQ0TTlzySRznCyF9SJoXjHCuf-68llRDeqd4-HF5ScPMELLaa0Eh1JGVdu9EL7iwFrchSLKy7t9I8TZe5-Jv45-MENOd70lWCzjVNQuDGsZZux4BRa-TS9chciX1xwsxUNO5ALQN__O8g6Nxqg9LZS0LO44mkxRO9dlRN2iMX4Nrv8Fp3WojSdjuwEoClJiqHJRh024JpmmSWSzUAaZWwmsasB-BUf8UAzciPNERYjYwxaXsDVgr8Tqj23NCsi4vJ3P8Zctbf6-vAtzzsjis8HwdAvm_XeL6ksTatOnF7vt4pFpslMePILb_7a1Dz6j6vE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Authorization+Recycling+in+Attribute-Based+Access+Control&rft.jtitle=Wireless+communications+and+mobile+computing&rft.au=An%2C+Yan&rft.au=Helil%2C+Nurmamat&rft.date=2023&rft.issn=1530-8669&rft.eissn=1530-8677&rft.volume=2023&rft.spage=1&rft.epage=20&rft_id=info:doi/10.1155%2F2023%2F4644778&rft.externalDBID=n%2Fa&rft.externalDocID=10_1155_2023_4644778 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1530-8669&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1530-8669&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1530-8669&client=summon |