Abstract

In Attribute-Based Access Control (ABAC), access is granted based on the attributes of the requesting user. ABAC is a highly flexible and scalable access control scheme which can deal with diverse security requirements in a grid computing environment. However, in ABAC the user attributes published by the identity providers for authorisation decision may cause some privacy violation. We developed an attribute release control mechanism to publish an optimal set of user attributes that are essential to access a desired resource (or service), while exposing the least amount of sensitive user information. To facilitate the selection of an optimal set of user attributes, we also developed a Web service, named Security Policy Publication Service (SPPS), which retrieves the access condition from the access control policies in eXtensible Access Control Markup Language (XACML) and converts it into a Disjunctive Normal Form (DNF) of user attributes. For the implementation of our privacy-preserving ABAC, we used the Globus Toolkit and modified the Shibboleth Identity Provider and GridShib. Our performance analysis shows that the overhead of the proposed system is very small.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.