Paper 3

Due to the rapid development of large scale and big data systems, attribute-based access control (ABAC) model has inaugurated a new wave in the research field of access control. In this paper, we propose a novel and comprehensive mechanism for enforcing attribute-based security policies stored in JSON documents. We build a lightweight grammar for conditional expressions that are the combination of subject, resource, and environment attributes so that the policies are flexible, dynamic and fine grained. Besides, we also present an extension from the ABAC model for privacy protection with the approach of purpose usage. The notion of purpose is associated with levels of data disclosure and constraints to support more fine-grained privacy policies. A prototype built for the proposed model using Java and MongoDB has also presented in the paper. The experiment is carried out to illustrate the relationship between the processing time for access decision and the complexity of policies.