Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Implementing and Managing Policy Rules in Attribute Based Access Control

Published

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei

Abstract

Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of entities (subject and object), operations, and the environment relevant to a request, but great care must be taken in setting up and maintaining the access control rules that allow such flexible operations. This article summarizes important considerations in ABAC deployment first introduced in the "Guide to Attribute Based Access Control."
Proceedings Title
Proceedings of the 2015 IEEE 16th International Conference on Information Reuse and Integration
(IRI 2015)
Conference Dates
August 13-15, 2015
Conference Location
San Francisco, CA
Conference Title
16th IEEE International Conference on Information Reuse and Integration (IRI 2015)

Keywords

ABAC, attribute based access control, NGAC, XACML

Citation

, C. , Ferraiolo, D. , Kuhn, D. , Kacker, R. and Lei, Y. (2015), Implementing and Managing Policy Rules in Attribute Based Access Control, Proceedings of the 2015 IEEE 16th International Conference on Information Reuse and Integration (IRI 2015), San Francisco, CA, [online], https://doi.org/10.1109/IRI.2015.98 (Accessed May 23, 2022)
Created August 13, 2015, Updated November 10, 2018