Attribute-Based Access Control (ABAC) provides a strategy for setting up access rules by exploiting attributes of principals and objects from an enterprise information system or digital credentials. ABAC can replace or complement other approaches like Access Control Lists (ACLs) and Role-Based Access Control (RBAC). In recent years, there has been a growth of other attribute-based systems including Attribute-Based Encryption (ABE) and Attribute-Based Messaging (ABM). In ABM email messages use addresses that describe recipient attributes rather than an explicit list of the recipients. Such addressing makes messages more efficient, exclusive, and intensional but raises challenges for security and privacy. This talk will discuss attribute-based security systems in general and use of ABAC and ABE to solve security problems faced by ABM.
We describe requirements for ABM and a practical architecture that addresses them. We have built a prototype and collected performance results that show its feasibility for at least mid-size organizations. We end with some speculation on other ways to exploit attribute-based security techniques for goals like adding protection to databases and multi-tier web systems.
Dr. Gunter is a professor in the Computer Science Department and Director of the Illinois Security Lab. He does research and teaches in his areas of technical expertise: security, networks, programming languages, and software engineering. His work includes contributions to the semantics and design of programming and policy languages, models and analysis techniques for networks and security, and applications of formal logic in computer science. His current projects focus on security for networked sensors, attribute-based security systems, models and counter-measures for Denial of Service (DoS), and applications of these technologies in electric power systems and health care. He is the author of more than 80 scientific research publications and patents and a textbook on semantics of programming languages published by MIT Press. He is a founder of Probaris Technologies, a company that provides identity management technologies, and has served as a consultant to research labs and companies and as an expert witness on legal cases concerning fraud, contract, copyright, and patent infringement.