A Scalable Permission Management System With Support of Conditional and Customized Attributes

Bibliographic Details
Published in: arXiv.org
Main Authors: Liu, Baiyu; Palia, Abhinav; Shan-Ho, Yang
Format: Paper
Language: English
Published: Ithaca, Cornell University Library, arXiv.org, 17.04.2018
Summary: Along with the classical problem of managing multiple identities, actions, devices, APIs, etc. in different businesses, there has been an escalating need for flexible attribute-based access control (ABAC) mechanisms. To fill this gap, several variations of the ABAC model have been proposed, such as Amazon's AWS IAM, which uses JSON as its underlying storage data structure and adds policies/constraints as fields over regular ABAC. However, these systems still do not provide the capability to have customized permissions and to perform various operations (such as comparison/aggregation) on them. In this paper, we introduce a string-based resource naming strategy that supports customized and conditional permissions for resource access. Further, we propose the basic architecture of our system which, along with our naming scheme, makes the system scalable, secure, efficient, flexible and customizable. Finally, we present the proof of concept for our algorithm as well as the experimental setup and the future trajectory for this work.
ISSN: 2331-8422