Computing Reviews
Attribute-based access control
Hu V., Ferraiolo D., Chandramouli R., Kuhn D., Artech House, Inc., Norwood, MA, 2017. 280 pp. Type: Book (978-1-630811-34-1)
Date Reviewed: Jul 20 2018

Due to the increasing distribution and complexity of current applications, attribute-based access control (ABAC) is slowly becoming the only way to control access. This monograph summarizes the accumulated knowledge on this important subject and has a rather practical orientation, simplifying or omitting most theoretical aspects. Overall, the treatment is clear and conveys the important ideas behind ABAC. Relating ABAC to Extensible Access Control Markup Language (XACML) and next generation access control (NGAC), two industry standards, provides a good application path for the theoretical concepts of ABAC. Chapters on testing, deployment, and life cycle provide useful practical guidelines to implement the abstract models.

However, the use of block diagrams to show the dynamic aspects of these models was a poor decision. Regretfully, this is a common trend in National Institute of Standards and Technology (NIST) publications. Developers and researchers (the main audience) can read unified modeling language (UML) models. Using UML class and sequence diagrams, as done in [1], would have made these models more precise and easier to implement. Considering the book’s practical orientation, the lack of security patterns to describe the models is also notable (see [1,2]). Patterns can make the application of security concepts significantly easier for people who are not security experts.

Most of the references are to NIST works, which reduces the book’s research value. For example, the Association for Computing Machinery (ACM) recently held its 3rd Workshop on Attribute Based Access Control; this is an important source for researchers, but it is ignored here. Furthermore, the book does not provide any conclusions or future perspectives.

In summary, the book contains a good amount of useful information, but it is neither up to date nor precise enough to be really helpful to researchers. The use of UML and patterns would have made this work more accessible to practitioners.

Reviewer: E. B. Fernandez
Review #: CR146164 (1810-0529)
1) Fernandez-Buglioni, E. Security patterns in practice: designing secure architectures using software patterns. Wiley, Hoboken, NJ, 2013.
2) Priebe, T.; Fernandez, E. B.; Mehlau, J. I.; Pernul, G. A pattern system for access control. In: Research directions in data and applications security XVIII. 235-249, Kluwer Academic Publishers, Norwell, MA, 2004.
Access Controls (D.4.6 ... )
Security and Protection (K.6.5)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®