Abstract:
Context-aware access control systems should reactively adapt access control decisions to dynamic environmental
conditions.
We present ERBAC, an event-driven extension of the TRBAC model that allows the specification and enforcement of general reactive policies.
A variety of examples illustrate ERBAC's expressive power, and its ability of handling exceptional situations in a flexible way, while keeping policies compact and manageable. Then we extend XACML to support the new model, and illustrate a prototype implementation of the PDP. Experiments show that the computational cost of policy rule evaluation is compatible with real-world applications.
Piero A. Bonatti, Clemente Galdi, Davide Torres: ERBAC: event-driven RBAC. 18th ACM Symposium on Access Control Models and Technologies, SACMAT '13: pp 125-136.