Higher-Order (Temporal) Relationship-Based Access Control

Abstract

With the advent of technologies such as the Internet of Things, new type of relationships have emerged between users and devices. These relationships are transient, which means they can be activated and terminated over time. Existing Relationship-Based Access Control (ReBAC) models are not designed for handling such relationships efficiently. In this work, we present a ReBAC model that can incorporate such transient relationships, thus allowing the creation of access control policies that can use the transient nature of relationships to grant authorization. We call this model Higher-Order (Temporal) Relationship-Based Access Control (HO(T)-ReBAC) model. This thesis formalized the HO(T)-ReBAC model and defined a formal policy language for access control policies in HO(T)-ReBAC. We then discussed case studies based on real-world scenarios where HO(T)-ReBAC can be deployed for authorization decisions. After that, we designed and presented an efficient model implementation that can be used for large-scale projects in the real world. We empirically evaluated our implementation of HO(T)-ReBAC using a real-world social graph and the use case we discussed. Our evaluation found our implementation to be efficient for real-world large-scale projects.