Object-Based Security: Summary of the Project

Authors:

  • Lars Westerdahl
  • Amund Gudmundson Hunstad
  • Fredrik Mörnestedt

Publish date: 2014-12-31

Report number: FOI-R--4011--SE

Pages: 36

Written in: Swedish

Keywords:

  • Attribute-Based Access Control
  • Attribute-Based Encryption
  • Access
  • Control
  • Access Control Policy

Abstract

This report summarises the work performed within the FoT-project Object-Based Security, which ran from 2012 to 2014. The purpose of the project was to investigate the possibilities of realising a security model in which a security policy follows and governs an information object during and after it has left the information owner's technical domain. The work was carried out in two tracks. In the first track, solutions proposed within the research community were explored in order to find candidates that could fulfil the goals of an Object-Based Security model. Attribute-Based Encryption (ABE) in particular was explored, as it proved to have great potential to fulfil the goals. In an ABE solution, the security policy follows the information object, thus providing offline security. If a reliable connection to the information owner can be guaranteed, however, Attribute-Based Access Control (ABAC) is a more mature and effective solution. The project's second track concerned the ability to describe subjects, the environment, and information objects in more detail, thus creating a policy with more dynamic access rules. Although the effort was generic, integrity and availability properties were studied in more detail, to see how these properties could support an access decision.