Policy Review in Attribute-Based Access Control

dc.contributor.advisorKrishnan, Ram
dc.contributor.authorLawal, Sherifdeen
dc.contributor.committeeMemberChen, Guenevere
dc.contributor.committeeMemberFernandez, Maribel
dc.contributor.committeeMemberJohn, Eugene
dc.creator.orcidhttps://orcid.org/0000-0002-8685-7181
dc.date.accessioned2024-02-12T14:53:22Z
dc.date.available2024-02-12T14:53:22Z
dc.date.issued2021
dc.descriptionThis item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.
dc.description.abstractThe Next Generation Access Control (NGAC), founded on the Policy Machine (PM), is a robust Attribute-Based Access Control (ABAC) framework that enables a structured and flexible approach for the establishment of the conventional access control models. The authorization state of the policy machine is an annotated Directed Acyclic Graph (DAG). Structurally, relations among attributes of the same type are hierarchical. This structure allows specifying authorization/revocation in multiple ways. However, one or more limitations can make most of the approaches to grant or revoke access inconsistent with existing policies. We proposed a variety of algorithms that provides the Policy Machine administrator a comprehensive list of all possible methods to authorize or revoke access using ABAC policy review. The approaches generated by these algorithms can help the PM administrator make an informed decision before access authorization or revocation. This work began with a pilot study where we consider the policy review for authorization of an administrative access right, user assignment. The preliminary work evolved to a generic algorithm that reviews authorization policy for other administrative access rights. A thorough extension of the generic algorithm accommodates the policy review of authorization with constraints and revocation. In recent times, as the number of blockchain use cases continues to grow, methods and technologies utilized by fraudsters continue to become sophisticated. The most notable form of cyber-attack utilizes a security breach in the internal security of blockchain systems, leading to illegal access to application services. A complex system like the blockchain network requires a dynamic, flexible, and scalable access control mechanism. There are numerous research efforts to leverage smart contracts in implementing access control based on blockchain. However, most of these contributions are either focused on blockchain-based access control for an off-chain resource. Other effects implement blockchain-based access control for a specific domain. This dissertation presents the first-ever implementation of the NIST NGAC (Policy Machine) system in a blockchain network. We utilized an instance of the Policy Machine for controlling access to assets in multiple blockchain ledgers. We implemented and evaluated the algorithms in this dissertation on the Hyperledger Fabric blockchain network.
dc.description.departmentElectrical and Computer Engineering
dc.format.extent103 pages
dc.format.mimetypeapplication/pdf
dc.identifier.urihttps://hdl.handle.net/20.500.12588/4361
dc.languageen
dc.subjectAccess Management
dc.subjectAttribute-Based Access Control
dc.subjectNational Institute of Standards and Technology
dc.subjectNext Generation Access Control
dc.subjectPolicy Authorization Graph
dc.subjectPrivacy and Security
dc.subject.classificationInformation technology
dc.subject.classificationElectrical engineering
dc.titlePolicy Review in Attribute-Based Access Control
dc.typeThesis
dc.type.dcmiText
dcterms.accessRightspq_closed
thesis.degree.departmentElectrical and Computer Engineering
thesis.degree.grantorUniversity of Texas at San Antonio
thesis.degree.levelDoctoral
thesis.degree.nameDoctor of Philosophy

Files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
Lawal_utsa_1283D_13472.pdf
Size:
1.02 MB
Format:
Adobe Portable Document Format