
Software Design for a Rich, Robust and Configurable Access Control in Complex Multi-User Networked Application

Overview

Some multi-user networked applications have complex access control policies. A rich model called ‘Attribute Based Access Control’ (ABAC) is general enough to express any access control policy, because it simply proposes that access control should be based on ‘attributes’ of the user, the resource and also on time. This has the potential to capture all policies, as long as the attributes can be captured in the application data. While ABAC is a relatively straightforward idea, its implementation can be non-trivial. When implementing access control in a program, properties such as self-documenting code, ease of maintenance and separation of business logic and access control are desirable. Similarly, the code should easily support updates to the access control policy. Ideally, one would want a general framework in which the access control policy can be updated with no changes to the application source code.

We propose to study and improve the state of the art in access control by proposing a software design which achieves the following goals:

1. Defines an elegant code implementation practice that self-documents the access control policy.
2. Separates the role of the developer who implements the business logic (the functionality) and only needs to query for the required access to a resource, from the developer who implements the access control policy and writes the code that grants or rejects the requested access based on such a policy.
3. Disallows direct uncontrolled access to resources. This will require development of a middleware layer on which the application code is developed.
4. Allows user-configurable access control policy updates that require no code changes.
Active from 2023
Funding: Trust Lab Grant 2023
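
A sketch of how the four goals above can fit together, added here as an illustration and not the project's own design or code. The JSON policy format, the `read_grades` action, the attribute names and the classes `PolicyDecisionPoint` and `GuardedStore` are all hypothetical.

```python
import json
from datetime import time
# Constructed policy, held as data: editing it changes decisions with no code change.
POLICY_JSON = """[
  {"action": "read_grades", "when": [["user.role", "eq", "instructor"],
                                     ["user.course", "eq", "resource.course"],
                                     ["env.time", "between", ["08:00", "20:00"]]]},
  {"action": "read_grades", "when": [["user.id", "eq", "resource.owner"]]}
]"""

OPS = {
    "eq": lambda a, b: a == b,
    "between": lambda a, b: time.fromisoformat(b[0]) <= a <= time.fromisoformat(b[1]),
}
def _lookup(ctx, operand):
    """Resolve 'user.role'-style attribute paths; any other operand is a literal."""
    if isinstance(operand, str) and "." in operand:
        kind, name = operand.split(".", 1)
        if kind in ctx:
            return ctx[kind].get(name)
    return operand

class PolicyDecisionPoint:
    """Written by the policy developer; knows nothing about business logic."""
    def __init__(self, policy_json):
        self.rules = json.loads(policy_json)
    def is_allowed(self, action, user, resource, env):
        ctx = {"user": user, "resource": resource, "env": env}
        return any(r["action"] == action and r["when"]
                   and all(self._holds(ctx, c) for c in r["when"])
                   for r in self.rules)  # no matching rule means deny

    @staticmethod
    def _holds(ctx, cond):
        left, op, right = cond
        a, b = _lookup(ctx, left), _lookup(ctx, right)
        # Fail closed: a missing attribute or unknown operator never satisfies a rule.
        return a is not None and b is not None and op in OPS and OPS[op](a, b)

class GuardedStore:
    """Middleware: the only path to resources, so every read is policy-checked."""
    def __init__(self, pdp, resources):
        self._pdp, self._resources = pdp, resources

    def fetch(self, action, user, resource_id, now):
        resource = self._resources[resource_id]
        if not self._pdp.is_allowed(action, user, resource, {"time": now}):
            raise PermissionError(f"{action} denied on {resource_id}")
        return resource["data"]
```

Business-logic code only ever calls `fetch`; the policy text doubles as documentation of who may do what, and a rule with an empty `when` list or a missing attribute denies rather than grants.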

People

Varsha Apte

Outcome
  • trustlabcse.iitb.ac.in
  • +91-22-2159-6725
  • First Floor, New CSE Building
    Department of Computer Science and Engineering,
    Indian Institute of Technology Bombay,
    Powai, Mumbai 400076