Computing Reviews
Attribute-based access control
Hu V., Ferraiolo D., Chandramouli R., Kuhn D., Artech House, Inc., Norwood, MA, 2017. 280 pp. Type: Book (978-1-630811-34-1)
Date Reviewed: Sep 5 2018

In many applications, it becomes a necessity to define who (which user) is allowed to access what (which resource). This is achieved via access control. Several models for access control exist. Attribute-based access control (ABAC) is one of them, and forms the focus of this book, published as part of a National Institute of Standards and Technology (NIST) project [1]. NIST has produced other publications on ABAC, including proceedings of workshops, conferences, and reports [2]. ABAC is an alternative to role-based access control (RBAC), which allows access only through roles assigned to users. ABAC has some advantages over RBAC. This is the first book devoted exclusively to ABAC. Its audience includes academics, computer science (CS) and information technology (IT) students, industry and government employees, military personnel, and security professionals, among others.
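To make the RBAC/ABAC contrast drawn above concrete, here is an added illustration that is not from the book or from NIST: a minimal role table beside a minimal attribute-rule engine, both written for a hypothetical hospital setting. The attribute names (department, clearance, sensitivity, hour), the rules and the sample subjects and records are all constructed for this example; the combining behaviour mimics the deny-overrides algorithm found in XACML but is a simplification, not an XACML implementation.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set, Tuple

Attrs = Dict[str, Any]

# --- RBAC: a permission is reachable only through a role assigned to the user ---
# Constructed role -> permission table (hypothetical hospital setting).
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "physician": {("read", "medical_record"), ("write", "medical_record")},
    "nurse": {("read", "medical_record")},
}


def rbac_allows(user_roles: List[str], action: str, resource_type: str) -> bool:
    """RBAC decision: permit iff some assigned role carries the (action, type) permission.
    Note that nothing about the record itself (its department, its sensitivity) is consulted."""
    return any((action, resource_type) in ROLE_PERMISSIONS.get(role, set())
               for role in user_roles)


# --- ABAC: rules evaluated over subject, resource, action and environment attributes ---
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass(frozen=True)
class Rule:
    effect: str            # "permit" or "deny"
    condition: Condition   # predicate over (subject, resource, action, environment)
    description: str


# Constructed policy; every attribute name here is an assumption made for this example.
RULES: List[Rule] = [
    Rule("permit",
         lambda s, r, a, e: a in ("read", "write")
         and r.get("type") == "medical_record"
         and s.get("department") == r.get("department")
         and 7 <= e.get("hour", -1) < 20
         and (a == "read" or s.get("role") == "physician"),
         "staff may access their own department's records during shift hours; only physicians write"),
    Rule("permit",
         lambda s, r, a, e: a == "read"
         and r.get("type") == "medical_record"
         and s.get("patient_id") is not None
         and s.get("patient_id") == r.get("patient_id"),
         "a patient may read their own record"),
    Rule("deny",
         lambda s, r, a, e: r.get("sensitivity") == "restricted"
         and s.get("clearance") != "restricted",
         "restricted records require restricted clearance"),
]


def abac_decision(subject: Attrs, resource: Attrs, action: str, environment: Attrs) -> str:
    """Deny-overrides combining (a simplification of the XACML algorithm of that name):
    any matching deny wins; otherwise permit if any permit rule matched; otherwise
    the policy is not applicable and we fail closed with deny."""
    effects = [rule.effect for rule in RULES
               if rule.condition(subject, resource, action, environment)]
    if "deny" in effects:
        return "deny"
    if "permit" in effects:
        return "permit"
    return "deny"


# Constructed sample subjects, resources and environments (not real data).
PHYSICIAN = {"role": "physician", "department": "cardiology", "clearance": "normal"}
NURSE_ONCOLOGY = {"role": "nurse", "department": "oncology", "clearance": "normal"}
PATIENT = {"role": "patient", "patient_id": "P-1001"}
RECORD = {"type": "medical_record", "department": "cardiology",
          "patient_id": "P-1001", "sensitivity": "normal"}
RESTRICTED_RECORD = {**RECORD, "sensitivity": "restricted"}
DAY = {"hour": 10}
NIGHT = {"hour": 23}

if __name__ == "__main__":
    # RBAC: any nurse may read any medical record, regardless of department.
    print("RBAC nurse read:", rbac_allows(["nurse"], "read", "medical_record"))
    # ABAC: the same nurse is refused when the record belongs to another department.
    print("ABAC oncology nurse reads cardiology record:",
          abac_decision(NURSE_ONCOLOGY, RECORD, "read", DAY))
    print("ABAC physician reads restricted record:",
          abac_decision(PHYSICIAN, RESTRICTED_RECORD, "read", DAY))
```

The point the comparison makes is the one the review alludes to: the RBAC table cannot express "same department", "own record" or "during shift hours" without minting a role for every combination, while the ABAC rules state those conditions directly over attributes of the subject, resource and environment, and a deny rule on sensitivity overrides any permit that would otherwise apply.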

The book consists of 11 chapters. The introductory chapter provides a brief history of access control and ushers in ABAC. The subsequent chapters discuss access control models, the ABAC model and how it compares with RBAC, the practical deployment of ABAC using the Extensible Access Control Markup Language (XACML) standard, the next generation access control (NGAC) standard, approaches for verifying ABAC policies, concepts related to attributes, the challenges faced during the deployment of ABAC in various application architectures (including web service environments), life cycle considerations, the use of ABAC in commercially available products, and open-source implementations.

The book focuses on practical aspects rather than theory. The attention devoted to deployment, products, testing, standards, and the life cycle makes it useful for implementers. Many books employ the Unified Modeling Language (UML), especially its class diagrams and sequence diagrams, for ease of understanding and implementation; regrettably, this book uses block diagrams instead. The book does not make use of security patterns to depict models; such patterns would have been very helpful for novices in the field. There is no concluding chapter, and the authors could have discussed the future prospects of ABAC at least briefly. NIST researchers produced the book, so the references are mostly to NIST works; other important research is missing. For example, the Third ACM Workshop on Attribute-Based Access Control [3] could have been cited. In fact, David Ferraiolo, one of the authors of this book, chaired one of the sessions of that workshop and also contributed a research paper on ABAC to it. Nevertheless, despite these minor shortcomings, this first book on ABAC will be very useful for its intended audience.

Reviewer: S. V. Nagaraj Review #: CR146232 (1812-0616)
1) Attribute based access control. NIST, Gaithersburg, MD, https://csrc.nist.gov/projects/attribute-based-access-control (accessed 08/06/2018).
2) Hu, V. C.; Ferraiolo, D.; Kuhn, R.; Schnitzer, A.; Sandlin, K.; Miller, R.; Scarfone, K. Guide to attribute based access control (ABAC) definition and considerations. NIST Special Publication 800-162, NIST, Gaithersburg, MD, 2014, http://dx.doi.org/10.6028/NIST.SP.800-162.
3) Proceedings of the Third ACM Workshop on Attribute-Based Access Control (ABAC 2018), ACM, Tempe, AZ, 2018.
Access Controls (D.4.6); Security and Protection (K.6.5)