Deakin University
File(s) under permanent embargo

Function-based access control (FBAC): towards preventing insider threats in organizations

Version 2 2024-06-13, 13:00
Version 1 2019-05-02, 10:46
chapter
posted on 2024-06-13, 13:00 authored by Y Desmedt, A Shaghaghi
Insiders misuse their access to data and are known to pose serious risks to organizations. From a security engineering viewpoint, each insider threat incident is associated with a full, or partial, failure of an access control system. Here, we introduce Function-Based Access Control (FBAC). FBAC is inspired by Functional Encryption but takes a system approach towards the problem. Abstractly, access authorizations are no longer stored as a two-dimensional Access Control Matrix (ACM). Instead, FBAC stores access authorizations as a three-dimensional tensor (called an Access Control Tensor). Hence, applications no longer grant blindfolded execution rights, and users can only invoke commands that have been authorized at different levels such as data segments. Simply put, one might be authorized to use a certain command on one object while being forbidden to use the same command on another object. Evidently, this level of granularity and customization cannot be efficiently modeled using the classical access control matrix. The theoretical foundations of FBAC are presented along with its Policy, Enforcement, and Implementation (PEI) requirements. A critical analysis of the advantages of deploying FBAC, how it will result in developing a new generation of applications, and its compatibility with existing models and systems is also included. Finally, a proof of concept implementation of FBAC is presented.

Volume

11170

Pagination

143-165

ISSN

0302-9743

eISSN

1611-3349

ISBN-13

978-3-030-04833-4

Language

eng

Publication classification

B1.1 Book chapter

Copyright notice

2018, Springer Nature Switzerland AG

Editor/Contributor(s)

Samarati P, Ray I, Ray I

Publisher

Springer Nature

Place of publication

Cham, Switzerland

Title of book

From database to cyber security

Series

Lecture notes in computer science
