On the relationship between finite domain ABAM and PreUCONA

Abstract

Several access control models that use attributes have been proposed, although none so far is regarded as a definitive characterization of attribute-based access control (ABAC). Among these a recently proposed model is the attribute-based access matrix (ABAM) model [14] that extends the HRU model [4] by introducing attributes. In this paper we consider the finite case of ABAM, where the number of attributes is finite and the permissible values (i.e., domain) for each attribute is finite. Henceforth, we understand ABAM to mean finite ABAM. A separately developed model with finite attribute domains is PreUCONA [10], which is a sub-model of the usage control UCON model [9]. This paper explores the relationship between the expressive power of these two finite attribute domain models. Since the safety problem for HRU is undecidable it follows safety is also undecidable for ABAM, while it is known to be decidable for PreUCONA [10]. Hence ABAM cannot be reduced to PreUCONA. We define a special case of ABAM called RL-ABAM2 and show that RL-ABAM2 and PreUCONA are equivalent in expressive power, but each has its own advantages. Finally, we propose a possible way to combine the advantages of these two models.