Prosunjit Biswas’s research while affiliated with The University of Texas at San Antonio and other places

Publications (6)


Attribute Transformation for Attribute-Based Access Control
Conference Paper · March 2017 · 60 Reads · 15 Citations

Prosunjit Biswas · Ram Krishnan

In this paper, we introduce the concept of transforming attribute-value assignments from one set to another set. We specify two types of transformations: attribute reduction and attribute expansion. We distinguish policy attributes from non-policy attributes in that policy attributes are used in authorization policies whereas the latter are not. Attribute reduction is a process of contracting a large set of assignments of non-policy attributes into a possibly smaller set of policy attribute-value assignments. This process is useful for abstracting attributes that are too specific for particular types of objects or users, designing modular authorization policies, and modeling hierarchical policies. On the other hand, attribute expansion is a process of performing a large set of attribute-value assignments to users or objects from a possibly smaller set of assignments. We define a language for specifying mapping for the transformation process. We also identify and discuss various issues that stem from the transformation process.


An Attribute-Based Protection Model for JSON Documents

September 2016 · 54 Reads · 9 Citations

Lecture Notes in Computer Science

There has been considerable research in specifying authorization policies for XML documents. Most of these approaches consider only hierarchical structure of underlying data. They define authorization policies by directly identifying XML nodes in the policies. These approaches work well for hierarchical structure but are not suitable for other required characteristics we identify in this paper as semantical association and scatteredness. This paper presents an attribute based protection model for JSON documents. We assign security-label attribute values to JSON elements and specify authorization policies using these values. By using security-label attribute, we leverage semantical association and scatteredness properties. Our protection mechanism defines two types of policies called authorization and labeling policies. We present an operational model to specify authorization policies and different models for defining labeling policies. Finally, we demonstrate a proof-of-concept for the proposed models in the Swift service of OpenStack IaaS cloud.


Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control

September 2016 · 79 Reads · 13 Citations

Lecture Notes in Computer Science

Many of the advantages of Role Based Access Control (RBAC) accrue from the flexibility of its administrative models. Over the past two decades, several administrative models have been proposed to manage user-role, permission-role and in some cases role-role relations. These models are based on different administrative principles and bring inherent advantages and disadvantages. In this paper, we present a unified model, named Uni-ARBAC, for administering user-role and permission-role relations by combining many of the administrative principles and novel concepts from prior models. For example, instead of administering individual permissions Uni-ARBAC combines permissions into tasks which are assigned to roles as a unit. Slightly differently, users are assigned to user-pools from where individual users are assigned to roles. The central concept of Uni-ARBAC is to integrate user-role and task-role administration into a more manageable unit called an Administrative Unit (AU). AUs partition roles, tasks and user-pools and they are organized in a rooted tree hierarchy. Administrative users are assigned to AUs with possibility of restricting their authority to user-role assignment or task-role assignment. While most existing models assume existence of administrative roles for managing regular roles, we present an approach for engineering AUs based on structured partitioning of roles and tasks.


A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models

July 2016 · 44 Reads · 8 Citations

Lecture Notes in Computer Science

Logical formulas and enumeration are the two major ways for specifying authorization policies in Attribute Based Access Control (ABAC). While considerable research has been done for specifying logical-formula authorization policy ABAC, there has been less attention to enumerated authorization policy ABAC. This paper presents a finite attribute, finite domain ABAC model for enumerated authorization policies and investigates its relationship with logical-formula authorization policy ABAC models in the finite domain. We show that these models are equivalent in their theoretical expressive power. We also show that single and multi-attribute ABAC models are equally expressive.


Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy

March 2016 · 267 Reads · 45 Citations

There are two major techniques for specifying authorization policies in Attribute Based Access Control (ABAC) models. The more conventional approach is to define policies by using logical formulas involving attribute values. Examples in this category include ABAC, HGABAC and XACML. The alternate technique for expressing policies is by enumeration. Policy Machine (PM) and 2-sorted-RBAC fall into the latter category. In this paper, we present an ABAC model named LaBAC (Label-Based Access Control) which adopts the enumerated style for expressing authorization policies. LaBAC can be viewed as a particularly simple instance of the Policy Machine. LaBAC uses one user attribute (uLabel) and one object attribute (oLabel). An authorization policy in LaBAC for an action is an enumeration using these two attributes. Thus, LaBAC can be considered as a bare minimum ABAC model. We show equivalence of LaBAC and 2-sorted-RBAC with respect to theoretical expressive power. Furthermore, we show how to configure the traditional RBAC (Role-Based Access Control) and LBAC (Lattice-Based Access Control) models in LaBAC to illustrate its expressiveness.


Content Level Access Control for OpenStack Swift Storage

March 2015 · 206 Reads · 18 Citations

Swift, the object storage service from the OpenStack cloud computing platform, is used for storing, managing and retrieving large amounts of data. Inside Swift, uploaded files, also known as objects, are organized in containers. Objects inside a container are managed to be accessible or restricted from users through Access Control Lists (ACLs). Swift ACL, at the finest level, works on a Swift object, enforcing who can or cannot access the object. Once an object is accessible to someone, he gets the full content of the object. Thus Swift ACL is an "all or nothing" approach. In this work, we allow Swift users to specify access control at the content level of a Swift object. The content level policy describes who can access which part of a Swift object. When a request comes for downloading (i.e. read) an object, we check content level policy along with the ACL of the object. The response of the request is a partial content of the requested object based on the credential of the requester. Our prototype implementation is done on Swift objects of content type 'application/json'.

Citations (6)


... These attributes can be user specific, object specific or environment specific. For example, "department" could be an attribute for any industry in blockchain environment [68]. Through "department", we can restrict the access to data inside a blockchain. ...

Reference:

Integration of Quantum Computing and Blockchain Technology: A Cryptographic Perspective
Attribute Transformation for Attribute-Based Access Control
  • Citing Conference Paper
  • March 2017

... In this paper, we propose MC-ABAC: Multi-cloud ABAC model, as an extended version of the ABAC [8] (Attribute Based Access Control) model. MC-ABAC leverages the capabilities of ABAC [18], [24], such as flexibility and adaptability. MC-ABAC is especially designed for securing collaboration and cross-tenant access in a multi-cloud environment. ...

An Attribute-Based Protection Model for JSON Documents
  • Citing Conference Paper
  • September 2016

Lecture Notes in Computer Science

... Other administrative models to manage temporal and spatio-temporal extensions of RBAC are presented in Sharma et al. (2013a) and Uzun et al. (2012) and (Sharma et al., 2013b), respectively. A unified administrative model for RBAC, named Uni-ARBAC, is presented in Biswas et al. (2016) that manages user-role and role-permission components of RBAC. In Bhatt et al. (2016), an attribute enabled RBAC model is presented as the extended version of RBAC based OpenStack access control model. ...

Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control
  • Citing Conference Paper
  • September 2016

Lecture Notes in Computer Science

... Our work is motivated by the fact that, even though authors suggest that ABAC is suitable to secure IoT systems [3], [4], existing models are either designed to run in gateways or servers or not expressive enough to control the complex scenarios of IoT environments. For example, previous works developed ABAC models with expressive policy languages based on logic statements [5], [6], [7], [8]; however they require highly specialized parsers, can be NP-complete to audit [9], and lack support for nested attributes. Others that use attribute enumeration to express access rules [10], [11] are simpler to parse and guarantee polynomial execution time, but are severely limited regarding expressiveness. ...

A Comparison of Logical-Formula and Enumerated Authorization Policy ABAC Models
  • Citing Conference Paper
  • July 2016

Lecture Notes in Computer Science