University of Calgary

iCIS Group Talk - Project ?: Combining Relationship- and Attribute-Based Access Control in a Graph Database

Date & Time:
June 2, 2017 | 1:00 pm
ICT 618B
Zain Rizvi

Relationship-Based Access Control (ReBAC) bases its authorization decisions on the relationships between the entities in the system, while Attribute-Based Access Control (ABAC) bases its authorization decisions on the attributes of the requestor, the resource, and the environment. The focus of this project is to combine ReBAC and ABAC to form an access control model that supports both relationships and attributes for authorization decisions. This combined model uses Neo4j, a graph database, as its backend for storing the protection state. Along with formalizing this model, I will also provide a simple policy language that will allow end users to easily specify access control policies, as well as an efficient authorization checking algorithm. The formalization described in this work will be accompanied by supporting tools/libraries so that end users can find the model easy to use.

The motivation behind this work is to not only present a formalized model, but also provide the tools needed to actually use said model.