Computing Reviews
Attribute-based access control
Hu V., Ferraiolo D., Chandramouli R., Kuhn D., Artech House, Inc., Norwood, MA, 2017. 280 pp.  Type: Book (978-1-630811-34-1)
Date Reviewed: Sep 5 2018

In many applications it is necessary to define who (which user) is allowed to access what (which resource). This is the job of access control, and several models for it exist. Attribute-based access control (ABAC) is one of them, and it is the focus of this book, published as part of a National Institute of Standards and Technology (NIST) project [1]. NIST has produced other publications on ABAC, including workshop and conference proceedings and reports [2]. ABAC is an alternative to role-based access control (RBAC), which grants access only through roles assigned to users, and it has some advantages over RBAC. This is the first book devoted exclusively to ABAC. Its audience includes academics, computer science (CS) and information technology (IT) students, industry and government employees, military personnel, and security professionals, among others.

The book consists of 11 chapters. The introductory chapter gives a brief history of access control and introduces ABAC. The subsequent chapters discuss access control models; the ABAC model and how it compares with RBAC; the practical deployment of ABAC using the Extensible Access Control Markup Language (XACML) standard; the next generation access control (NGAC) standard; approaches for verifying ABAC policies; concepts related to attributes; the challenges faced when deploying ABAC in various application architectures (including web service environments); life cycle considerations; the use of ABAC in commercially available products; and open-source implementations.

The book focuses on practical aspects rather than theory. The attention devoted to deployment, products, testing, standards, and the life cycle makes it useful for implementers. Many books employ the unified modeling language (UML), especially its class diagrams and sequence diagrams, for ease of understanding and implementation; regrettably, this book uses block diagrams instead. The book also does not use security patterns to depict its models; such patterns would have been very helpful for novices in the field. There is no concluding chapter, and the authors could at least briefly have discussed the future prospects of ABAC. Because NIST researchers produced the book, the references are mostly to NIST works, and other important research is missing. For example, the Third ACM Workshop on Attribute-Based Access Control [3] could have been cited; in fact, David Ferraiolo, one of the authors of this book, chaired one of the sessions of that workshop and also contributed a research paper on ABAC to it. Nevertheless, despite these minor shortcomings, this first book on ABAC will be very useful for its intended audience.

Reviewer: S. V. Nagaraj Review #: CR146232 (1812-0616)
1) Attribute based access control. NIST, Gaithersburg, MD (accessed 08/06/2018).
2) Hu, V. C.; Ferraiolo, D.; Kuhn, R.; Schnitzer, A.; Sandlin, K.; Miller, R.; Scarfone, K. Guide to attribute based access control (ABAC) definition and considerations. NIST Special Publication 800-162. NIST, Gaithersburg, MD, 2014.
3) Proceedings of the Third ACM Workshop on Attribute-Based Access Control (ABAC 2018). ACM, Tempe, AZ, 2018.
Access Controls (D.4.6 ... )
Security and Protection (K.6.5 )