Abstract
There are two major techniques for specifying authorization policies in Attribute Based Access Control (ABAC) models. The more conventional approach is to define policies by using logical formulas involving attribute values. Examples in this category include ABAC, HGABAC and XACML. The alternate technique for expressing policies is by enumeration. Policy Machine (PM) and 2-sorted-RBAC fall into the later category. In this paper, we present an ABAC model named LaBAC (Label-Based Access Control) which adopts the enumerated style for expressing authorization policies. LaBAC can be viewed as a particularly simple instance of the PolicyMachine. LaBAC uses one user attribute (uLabel) and one object attribute (oLabel). An authorization policy in LaBAC for an action is an enumeration using these two attributes. Thus, LaBAC can be considered as a bare minimum ABAC model. We show equivalence of LaBAC and 2-sorted-RBAC with respect to theoretical expressive power. Furthermore, we show how to configure the traditional RBAC (Role-Based Access Control) and LBAC (Lattice-Based Access Control) models in LaBAC to illustrate its expressiveness.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
