University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Relationship based access control.

Aktoudianakis, Evangelos (2016) Relationship based access control. Doctoral thesis, University of Surrey.

thesis_FINAL.pdf - Version of Record
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (1MB) | Preview
Author_Deposit_Agreement (1).pdf
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (165kB) | Preview


Relationship Based Access Control (ReBAC) has emerged as a popular alternative to traditional access control models, such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). However, some of the model's aspects, such as its expression language and delegation abilities have not been studied in depth. Further-more, existing ReBAC models cater to single policy control, thus not taking into account cases were many access control policies might apply to a single access control object. We propose a ReBAC model, set theoretic ReBac (STReBAC), which bases its expression language on set theory. Our model is expressive and exible, catering to the above problems, and able to overcome access control challenges as discussed by popular ReBAC models without needing to alter its formal grammar. Additionally, we extend our model to handle situations where more than one policy applies to the same access control object. To achieve this we have combined our STReBAC model with PTaCL which is an evaluation framework for ABAC. We provide a solution which is compatible with many industrial standards, such as eXtensible Access Control Markup Language (XACML) and Ponder, and formalise techniques used by those very standards to extend our model without sacri�cing its original exibility. As part of our research, we implement a demonstrator that proves how our formal model can be applied to real life industrial problems, whether as a stand alone project or as part of a larger access control mechanism. To demonstrate the above, we implement our model in terms of Application Programming Interface (API)s that are widely used by today's industry. This shows that our STReBAC models can be translated into implementations which are exible and scalable.

Item Type: Thesis (Doctoral)
Divisions : Theses
Authors :
Aktoudianakis, Evangeloseaktoudianakis@gmail.comUNSPECIFIED
Date : 29 January 2016
Funders : Thales Research UK, University of Surrey
Contributors :
Thesis supervisorTreharne,
Depositing User : Evangelos Aktoudianakis
Date Deposited : 09 Feb 2016 11:13
Last Modified : 09 Feb 2016 11:13

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800