Attribute Based Access Control (ABAC)

Attribute-based access control (ABAC) is an access control model that evaluates attributes (characteristics) rather than roles to decide whether access is granted. ABAC aims to protect objects such as network devices, data, and IT resources from unauthorized users and actions, meaning those that do not align with the “approved” characteristics set out in an organization’s security policies.

ABAC rose to prominence as a form of logical access control over the past decade, evolving from simple access control lists and role-based access control (RBAC). As part of a project to help federal organizations improve their access control architectures, the Federal Chief Information Officers Council authorized ABAC in 2011. ABAC is the suggested model for organizations that need to share information securely.

This post looks in greater depth at how attribute-based access control works and how adopting ABAC could benefit your organization.

FAQs

  • What is ABAC used for?

    ABAC aims to protect objects such as data, network devices, and IT resources from unauthorized users and actions, meaning those that do not align with the “approved” characteristics set out in an organization’s security policies.

  • Where is ABAC used?

    ABAC can be applied at any level of the enterprise infrastructure or technology stack. For example, an organization can enforce ABAC at the firewall, server, application, database, and data layers.

  • How do you implement attribute-based access control?

    Here is how ABAC works in AWS:
    – Attributes are represented as tags and attached to IAM resources and entities such as roles and users.
    – Create a single ABAC policy, or a small set of policies, for your IAM principals.
    – Design the policies to allow an operation only when a principal’s tag matches the resource’s tag.

  • What are the advantages of ABAC over RBAC?

    In most cases, ABAC offers many more control variables than RBAC. Because ABAC can control security and access at a fine-grained level, it is mainly implemented to reduce the risk arising from unauthorized access.

  • What is the difference between PBAC and ABAC?

    PBAC focuses on the policies that allow or deny resource access to the end user, whereas ABAC focuses on the specific characteristics (attributes) that those policies evaluate.
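
To make the tag-matching pattern from the AWS steps above concrete, and to show what "deciding on attributes rather than roles" looks like in practice, here is a small attribute-based policy evaluator. This is an added example, not code from the original article or from AWS: it borrows the IAM policy shape (Effect, Action, Resource, Condition) and the condition keys aws:PrincipalTag/<key> and aws:ResourceTag/<key>, but the evaluator, the sample policy, the principal and resource tag values, and the helper names are all constructed for illustration and only model the StringEquals operator.

```python
"""Minimal attribute-based policy evaluator in the style of AWS IAM tag conditions.

Added illustration, not code from the article or from AWS. The policy layout and
the aws:PrincipalTag/ and aws:ResourceTag/ condition keys follow the IAM policy
language; the evaluation logic is a simplified, constructed model that only
understands the StringEquals operator.
"""
import re
from typing import Dict, List, Union

Attrs = Dict[str, str]

# Constructed sample policy: a principal may read or write objects only when the
# resource carries the same "project" tag as the principal, and nothing may touch
# a resource tagged classification=restricted (an explicit Deny).
POLICY: List[dict] = [
    {
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "*",
        "Condition": {
            "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
        },
    },
    {
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "StringEquals": {"aws:ResourceTag/classification": "restricted"}
        },
    },
]

# Matches policy variables of the form ${aws:PrincipalTag/<key>}
_VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def _resolve(value: str, principal_tags: Attrs) -> str:
    """Substitute ${aws:PrincipalTag/key} with the principal's tag value.

    A principal that lacks the tag yields an empty string, which the caller
    treats as a non-match so a missing attribute never grants access.
    """
    return _VAR.sub(lambda m: principal_tags.get(m.group(1), ""), value)


def _condition_holds(cond: dict, principal_tags: Attrs, resource_tags: Attrs) -> bool:
    """Every StringEquals pair must hold; unknown keys fail closed."""
    for key, expected in cond.get("StringEquals", {}).items():
        if not key.startswith("aws:ResourceTag/"):
            return False  # operator/key not modelled here: treat as not satisfied
        tag = key[len("aws:ResourceTag/"):]
        if tag not in resource_tags:
            return False  # missing context key -> condition is false
        want = _resolve(expected, principal_tags)
        if want == "" or resource_tags[tag] != want:
            return False
    return True


def _action_matches(stmt_action: Union[str, List[str]], action: str) -> bool:
    actions = stmt_action if isinstance(stmt_action, list) else [stmt_action]
    return any(a == "*" or a == action for a in actions)


def is_allowed(action: str, principal_tags: Attrs, resource_tags: Attrs,
               policy: List[dict] = POLICY) -> bool:
    """Default deny; any matching explicit Deny overrides every Allow."""
    allowed = False
    for stmt in policy:
        if not _action_matches(stmt["Action"], action):
            continue
        if not _condition_holds(stmt.get("Condition", {}), principal_tags, resource_tags):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    # Constructed principal and resources; the decision depends only on tags,
    # not on any role the principal holds.
    alice = {"project": "apollo", "team": "data"}
    print(is_allowed("s3:GetObject", alice, {"project": "apollo"}))            # True
    print(is_allowed("s3:GetObject", alice, {"project": "gemini"}))            # False
    print(is_allowed("s3:PutObject", alice,
                     {"project": "apollo", "classification": "restricted"}))   # False
    print(is_allowed("s3:GetObject", {"team": "data"}, {"project": ""}))       # False
```

The two things worth noticing are that the decision never consults who the principal is, only what tags they and the resource carry, and that both evaluation gaps (a resource or principal without the expected tag, a statement using an operator the evaluator does not understand) resolve to deny rather than allow.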