Attribute based access control module for cross-origin web requests

Timur V. Ulbi, Olga R. Laponina

Abstract


The article analyzes the capabilities of the RBAC and ABAC standards for managing access to resources from different origins. One advantage of ABAC is that it can describe an infinite number of different scenarios without creating new roles, so rules can be created and modified more flexibly. The article highlights the following advantages of ABAC: access control can be described in terms close to the business logic of the application, and the creation of both simple and complex access control rules, including rules with dynamic parameters, can be significantly automated. The XACML language is used to describe access control rules. Currently, the CORS standard is used to control access to web resources from different origins.

This article explores the architecture of a module for the Node.js framework that provides attribute-based access control for cross-domain origins. The module includes basic tools for setting up ABAC and CORS in Node.js applications. It provides a web interface through which the service administrator can change the set of rules for the application's access points (endpoints) in real time. The module satisfies the following functional requirements: a web interface for setting up access rules; declarative configuration of cross-domain requests for different origins (CORS); and configuration of attribute-based access both for the entire application and for individual access points. A description of the module's operation in accordance with XACML is given.


Full Text:

PDF (Russian)




ISSN: 2307-8162