-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy patheap-model.tex
More file actions
29 lines (24 loc) · 1.49 KB
/
eap-model.tex
File metadata and controls
29 lines (24 loc) · 1.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
\chapter{Enumerated Authorization Policy Models}
\label{sec:concepts}
In this chapter, we first discuss Enumerated Authorization Policy (EAP) ABAC models based on one user attribute and one object attribute. Subsequently we define EAP ABAC models based on multiple user and object attributes.
%For the sake of clarity and emphasis on different elements of the model, we present a family of EAP models. We call these models \eapABAC{} family.
\input{ABAC16/labac-1-11-diagram.tex}
\input{ABAC16/labac-family.tex}
%\section{\eapABAC{} Family}
\section{Single Attribute Enumerated Authorization-Policy Models}
\input{family.tex}
\section{Functional Specification of \eapABAC{} models}
\input{functional-specification.tex}
\section{Configuring Traditional Models in \eapABAC{}}
\label{sec:configuration}
In this section, we establish relationship between \eapABAC{} and traditional access control models. We first show that \eapABAC{} is equivalent to \twoSortedRBAC{} which is an enumerated policy model for RBAC. Additionally, we show how to configure RBAC and LBAC using \eapABAC{} model.
\subsection{Equivalence of \eapABAC{} and \twoSortedRBAC{} }
\input{ABAC16/equivalence.tex}
\subsection{Configuring LBAC in \eapABAC{}}
\input{ABAC16/lbac-in-eap.tex}
\subsection{Configuring RBAC in \eapABAC{}}
\input{ABAC16/rbac-in-eap.tex}
\subsection{\eapABAC{} as a Subset of \policyMachine{}}
\input{ABAC16/eap-in-pm.tex}
\section{Multi Attribute Enumerated Authorization-Policy Model }
\input{ABAC16/eap-abac-mn.tex}