Relationship-based access control: protection model and policy language

  • Philip W L Fong

Social Network Systems pioneer a paradigm of access control that is distinct from traditional approaches to access control. Gates coined the term Relationship-Based Access Control (ReBAC) to refer to this paradigm. ReBAC is characterized by the explicit tracking of interpersonal relationships between users, and the expression of access control policies in terms of these relationships. This work explores what it takes to widen the applicability of ReBAC to application domains other than social computing. To this end, we formulate an archetypical ReBAC model to capture the essence of the paradigm, that is, authorization decisions are based on the relationship between the resource owner and the resource accessor in a social network maintained by the protection system. A novelty of the model is that it captures the contextual nature of relationships. We devise a policy language, based on modal logic, for composing access control policies that support delegation of trust. We use a case study in the domain of Electronic Health Records to demonstrate the utility of our model and its policy language. This work provides initial evidence to the feasibility and utility of ReBAC as a general-purpose paradigm of access control.

Author-supplied keywords

  • Access Controls
  • Security
  • Design
  • Language
  • Theory
  • contexts
  • electronic health records
  • modal logic
  • policy language
  • relationship-based access control
  • social networks
