Current information from HFU about the Corona virus: www.hs-furtwangen.de/coronavirus

Attribute-based Access Control for Representational State Transfer

The ABAC4REST project deals with the efficient planning of attribute-based access control for RESTful Services. Attribute-based access control allows the planning of flexible and variable access guidelines, which makes it an excellent candidate to become the dominant access contol model of the future. The current state of technology is mainly based on generic mechanisms which replace the attribute-based model using compositional evaluation mechanisms.

The ABAC4REST project will examine in particular the suitability of the index-based evaluation mechanism compared to compositional mechanisms. Index-based evaluation mechanisms can be used in environments which use unique keys within an interaction. The interaction with RESTful Services for example is based among other things on the use of unique addresses (URIs). The use of this key makes it possible to copy the index-based process, enabling a more efficient evaluation. This is especially interesting when dealing with large amounts of data. A further aim of the project, besides the investigation of index-based evaluation mechanisms, is the development of a suitable language and an appropriate interpreter.

  • Project duration -
  • Research theme Computer Science and Media

List of publications

Access Control (Schreier)

2019 | 2018 | 2017 | 2016 | 2015

2019

Marc HüffmeyerEffiziente Gestaltung und Anwendung von attributbasierter Zugriffskontrolle für RESTful Services

2018

Marc Hüffmeyer, Florian Haupt, Frank Leymann, Ulf SchreierAuthorization-aware HATEOAS
Marc Hüffmeyer, Pascal Hirmer, Bernhard Mitschang, Ulf Schreier, Matthias WielandSituation-Aware Access Control for Industrie 4.0

2017

Philipp Montesano, Marc Hüffmeyer, Ulf SchreierOutsourcing Access Control for a Dynamic Access Configuration of IoT Services
Marc Hüffmeyer, Pascal Hirmer, Bernhard Mitschang, Ulf Schreier, Matthias WielandSitAC – A System for Situation-aware Access Control - Controlling Access to Sensor Data

2016

Marc Hüffmeyer, Ulf SchreierAnalysis of an Access Control System for RESTful Services
Marc Hüffmeyer, Ulf SchreierDesigning Efficient XACML Policies for RESTful Services
Marc Hüffmeyer, Ulf SchreierFormal Comparison of an Attribute Based Access Control Language for RESTful Services with XACML
Marc Hüffmeyer, Ulf SchreierRestACL - An Attribute Based Access Control Language for RESTful Services

2015

Marc Hüffmeyer, Ulf SchreierAn Attribute Based Access Control Model for RESTful Services
Marc Hüffmeyer, Ulf SchreierEfficient Attribute Based Access Control for RESTful Services

Contacts

Former Contacts

  • Marc Hüffmeyer
  • Philipp Montesano