Abstract
We present a new model for attribute-based access control (ABAC) called Tees Confidentiality Model version 2 (TCM2). The model handles negative permissions and overrides in a single permission processing mechanism. We formally specify this mechanism using the B-Method, thus indicating how permissions are constructed. TCM2 extends the approaches of ABAC and parameterized role-based access control (RBAC) in that users, operations, and protected objects have properties, which we call classifiers. The simplest form of a classifier is an attribute, as defined for users in ABAC; additional information is also handled by classifiers. Classifier values themselves are hierarchically structured. A permission consists of a set of classifier values, and permissions review, or determining an individual’s risk exposure, is carried out by database querying. We illustrate this using a health records scenario. The model has general applicability to areas where tightly controlled sharing of data and applications, with well-defined overrides, is required.
Original language | English |
---|---|
Title of host publication | Case Studies in Secure Computing |
Subtitle of host publication | Achievements and Trends |
Publisher | CRC Press |
Pages | 89-110 |
Number of pages | 22 |
ISBN (Electronic) | 9781482207071 |
ISBN (Print) | 9781482207064 |
Publication status | Published - 1 Jan 2014 |