Use this URL to cite or link to this record in EThOS:
Title: Relationship based access control
Author: Aktoudianakis, Evangelos
ISNI:       0000 0004 5918 6372
Awarding Body: University of Surrey
Current Institution: University of Surrey
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Access from Institution:
Relationship Based Access Control (ReBAC) has emerged as a popular alternative to traditional access control models, such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). However, some of the model's aspects, such as its expression language and delegation abilities have not been studied in depth. Further-more, existing ReBAC models cater to single policy control, thus not taking into account cases were many access control policies might apply to a single access control object. We propose a ReBAC model, set theoretic ReBac (STReBAC), which bases its expression language on set theory. Our model is expressive and exible, catering to the above problems, and able to overcome access control challenges as discussed by popular ReBAC models without needing to alter its formal grammar. Additionally, we extend our model to handle situations where more than one policy applies to the same access control object. To achieve this we have combined our STReBAC model with PTaCL which is an evaluation framework for ABAC. We provide a solution which is compatible with many industrial standards, such as eXtensible Access Control Markup Language (XACML) and Ponder, and formalise techniques used by those very standards to extend our model without sacri�cing its original exibility. As part of our research, we implement a demonstrator that proves how our formal model can be applied to real life industrial problems, whether as a stand alone project or as part of a larger access control mechanism. To demonstrate the above, we implement our model in terms of Application Programming Interface (API)s that are widely used by today's industry. This shows that our STReBAC models can be translated into implementations which are exible and scalable.
Supervisor: Treharne, Helen Sponsor: Thales Research UK ; University of Surrey
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available