Version 2 2024-06-12, 18:41
Version 1 2016-01-01, 00:00
conference contribution
posted on 2024-06-12, 18:41, authored by Y Desmedt, A Shaghaghi
The misuse of legitimate access to data is a serious information security concern for both organizations and individuals. From a security engineering viewpoint, this might be due to the failure of access control. Inspired by Functional Encryption, we introduce Function-Based Access Control (FBAC). From an abstract viewpoint, we suggest storing access authorizations as a three-dimensional tensor, an Access Control Tensor (ACT), rather than the two-dimensional Access Control Matrix (ACM). In FBAC, applications do not give blindfolded execution rights and can only invoke commands that have been authorized for function-defined data segments. So, one might be authorized to use a certain command on one object, while being forbidden to use the same command on another object. Such behavior cannot be efficiently modeled using the classical access control matrix or achieved efficiently using cryptographic mechanisms. Here, we lay the theoretical foundations of FBAC and summarize our extended work on implementation and deployment recommendations.
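The difference between the tensor and the matrix can be made concrete with a small sketch. This is an added example, not code from the paper: it assumes the tensor is indexed by (subject, command, data segment) and that the two-dimensional matrix grants "execute" on commands and "access" on segments independently; the subjects, commands and segment names are constructed.

```python
# Added illustration, not code from the paper. Subjects, commands and
# segment names are constructed sample values.

# Access Control Tensor: one entry per authorized (subject, command, segment).
ACT = {
    ("alice", "sum", "payroll.salary"),
    ("alice", "read", "payroll.name"),
    ("bob", "read", "payroll.salary"),
}


def act_allows(subject, command, segment):
    """Tensor decision: the exact triple must be authorized."""
    return (subject, command, segment) in ACT


def project_to_acm(act):
    """Flatten the tensor into a 2D matrix (assumed layout): acm[subject][target]
    holds 'execute' for commands and 'access' for data segments."""
    acm = {}
    for subject, command, segment in act:
        row = acm.setdefault(subject, {})
        row.setdefault(command, set()).add("execute")
        row.setdefault(segment, set()).add("access")
    return acm


def acm_allows(acm, subject, command, segment):
    """Matrix decision: command and segment are checked independently, so an
    executable command can touch any segment the subject may access."""
    row = acm.get(subject, {})
    return "execute" in row.get(command, ()) and "access" in row.get(segment, ())


def over_grants(act):
    """Triples the flattened matrix permits that the tensor does not."""
    acm = project_to_acm(act)
    subjects = {s for s, _, _ in act}
    commands = {c for _, c, _ in act}
    segments = {o for _, _, o in act}
    return sorted(
        (s, c, o)
        for s in subjects for c in commands for o in segments
        if acm_allows(acm, s, c, o) and not act_allows(s, c, o)
    )


if __name__ == "__main__":
    for triple in over_grants(ACT):
        print("matrix over-grants:", triple)
```

In this sample, alice may only aggregate salaries and read names, yet the flattened matrix also lets her read individual salaries, which is the "same command, different object" distinction the abstract says the matrix cannot express.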