A System for Centralized ABAC Policy Administration and Local ABAC Policy Decision and Enforcement in Host Systems using Access Control Lists
Published
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala
Abstract
We describe a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions regarding those policies for protection of resource repositories in host systems using their native Access Control List (ACL) mechanisms. The method is founded on the expression of an ABAC policy that conforms to the access control rules of an enterprise and leverages the ABAC policy expression by introducing representations of local host repositories into the ABAC policy expression as objects or object attributes. Repositories may comprise individual files, directories, or other resources that require protection. The method further maintains a correspondence between the ABAC representations and repositories in local host systems. The method also leverages an ability to conduct policy analytics in such a way as to formulate ACLs for those representations in accordance with the ABAC policy and create ACLs on repositories using the ACLs of their corresponding representations. As the ABAC policy configuration changes, the method updates the ACLs on affected representations and automatically updates corresponding ACLs on local repositories. Operationally, users attempt to access resources in local host systems, and the ABAC policy is enforced in those systems in terms of their native ACLs.
Proceedings Title
ABAC 2018 : 3rd Workshop on Attribute Based Access Control
Conference Dates
March 21, 2018
Conference Location
Tempe, AZ
Conference Title
8th ACM Conference on Data and Applications Security and Privacy (CODASPY 2018)
Citation
Ferraiolo, D., Gavrila, S. and Katwala, G. (2018), A System for Centralized ABAC Policy Administration and Local ABAC Policy Decision and Enforcement in Host Systems using Access Control Lists, ABAC 2018 : 3rd Workshop on Attribute Based Access Control, Tempe, AZ, [online], https://doi.org/10.1145/3180457.3180460 (Accessed October 13, 2025)