We present a new model for attribute-based access control (ABAC) called Tees Confidentiality Model version 2 (TCM2). The model handles negative permissions and overrides in a single permission processing mechanism. We formally specify this mechanism using the B-Method, thus indicating how permissions are constructed. TCM2 extends the approaches of ABAC and parameterized role-based access control (RBAC) in that users, operations, and protected objects have properties, which we call classifiers. The simplest form of a classifier is an attribute, as defined for users in ABAC; additional information is also handled by classifiers. Classifier values themselves are hierarchically structured. A permission consists of a set of classifier values, and permissions review, or determining an individual’s risk exposure, is carried out by database querying. We illustrate this using a health records scenario. The model has general applicability to areas where tightly controlled sharing of data and applications, with well-defined overrides, is required.

| Field | Value |
|---|---|
| Title of host publication | Case Studies in Secure Computing |
| Subtitle of host publication | Achievements and Trends |
| Number of pages | 22 |
| Publication status | Published - 1 Jan 2014 |