A New Attribute-Based Access Control Model for RDBMS

Abstract

Abstract One of the challenges in Attribute-Based Access Control (ABAC) implementation is acquiring sufficient metadata against entities and attributes. Intelligent mining and extracting ABAC policies and attributes make ABAC implementation more feasible and cost-effective. This research paper focuses on attribute extraction from an existing enterprise relational database management system – RDBMS. The proposed approach tends to first classify entities according to some aspects of RDBMS systems. By reverse engineering, some metadata elements and ranking values are calculated for each part. Then entities and attributes are assigned a final rank that helps to decide what attribute subset is a candidate to be an optimal input for ABAC implementation. The proposed approach has been tested and implemented against an existing enterprise RDBMS, and the results are then evaluated. The approach enables the choice to trade-off between accuracy and overhead. The results score an accuracy of up to 80% with no overhead or 88% of accuracy with 65% overhead.