RPPM: A Relationship-Based Access Control Model Utilising Relationships, Paths and Principal Matching

James Sellwood

Research output: ThesisDoctoral Thesis

903 Downloads (Pure)


Since their introduction, the use (and abuse) of computer systems has grown astronomically, and consequently so has the need to manage the sharing of data between users, processes and systems. Within a computer it is the access control system, implementing a formally defined access control model, which is responsible for enacting the security policies to prevent unauthorized disclosure, manipulation, and deletion of system and user data. I begin this thesis by discussing the background and development of key historical access control models, and by highlighting their features and limitations. In the remainder of this thesis I then present the design of a relationship-based access control model, called RPPM, which I introduce with the intention of addressing the limitations of existing models, and to accommodate richer types of access control policy.

My contribution to the body of knowledge is, therefore, the design of the RPPM access control model. RPPM is the first relationship-based access control model formally, and fully designed for general computing applications, whether they comprise one or more isolated, networked or distributed systems. I first introduce a base functional RPPM model and subsequently introduce three sets of enhancements which provide incremental developments to the fundamental workings of RPPM; these enhancements increase the expressiveness of the base model's policy language, as well as introducing optimisations, such as caching, and support for history-based policies. I then introduce several enhancements focused on applying RPPM to general computing scenarios: administration; and inter-operation. I demonstrate how all of these features may be consolidated into a single model which may then be applied to publish/subscribe architectures. Finally, I tailor this relationship-based publish/subscribe access control system to Internet of Things as this is a particularly topical and important application domain in need of security controls.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
Award date1 Nov 2017
Publication statusPublished - 2017

Cite this