Simplifying Attribute-Based Access Control (ABAC) for Modern Enterprises
DOI: https://doi.org/10.32628/CSEIT251112332
Keywords: Attribute-Based Access Control (ABAC), Granular Access Management, Context-Aware Security Policies, Zero Trust Architecture, Cloud-Native Security
Abstract
This article provides a comprehensive exploration of Attribute-Based Access Control (ABAC) and its growing importance in modern enterprise security. It begins by explaining the core principles and components of ABAC, contrasting it with traditional Role-Based Access Control (RBAC) to highlight its advantages in flexibility, granularity, and context-awareness. The article then delves into the practical aspects of implementing ABAC in organizations, discussing key steps such as assessing current systems, defining attributes, developing policies, and managing the transition. Real-world examples illustrate ABAC's application in securing cloud-native applications and managing access for dynamic workforce scenarios. The article also addresses challenges associated with ABAC implementation, including policy complexity, performance considerations, legacy system integration, and privacy concerns. Finally, it examines future trends in ABAC, such as its integration with artificial intelligence and machine learning, its role in zero-trust security models, and ongoing standardization efforts. Throughout, the article emphasizes ABAC's potential to revolutionize access management by enabling more nuanced, adaptive security policies that can better align with the complexities of modern enterprise environments.
License
Copyright (c) 2025 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

This work is licensed under a Creative Commons Attribution 4.0 International License.