Attribute-Based Security and Messaging

Опубликовано 6 сентября 2016, 17:06

Attribute-Based Access Control (ABAC) provides a strategy for setting up access rules by exploiting attributes of principals and objects from an enterprise information system or digital credentials. ABAC can replace or complement other approaches like Access Control Lists (ACLs) and Role-Based Access Control (RBAC). In recent years, there has been a growth of other attribute-based systems including Attribute-Based Encryption (ABE) and Attribute-Based Messaging (ABM). In ABM email messages use addresses that describe recipient attributes rather than an explicit list of the recipients. Such addressing makes messages more efficient, exclusive, and intensional but raises challenges for security and privacy. This talk will discuss attribute-based security systems in general and use of ABAC and ABE to solve security problems faced by ABM. We describe requirements for ABM and a practical architecture that addresses them. We have built a prototype and collected performance results that show its feasibility for at least mid-size organizations. We end with some speculation on other ways to exploit attribute-based security techniques for goals like adding protection to databases and multi-tier web systems.