Improved Access Control Decision Diagrams for ABAC Policy Evaluation and Management

2019 
The Multi-data-type Interval Decision Diagram (MIDD) approach can neither express and handle the critical mark of an attribute correctly, nor represent obligations and advice consistently and process them simply. To remedy these defects and deficiencies of the MIDD approach, some improvements and extensions were proposed. First, the node, which was originally defined to represent an attribute of subjects, objects, operations, and environment conditions, is redefined to represent an element of an attribute, so that the elements in an attribute-based access control policy can be represented accurately and the critical attribute mark poses no problem. Second, obligations and advice are also treated as elements and represented in an internal node, to keep the nodes consistent and make processing simple. Finally, the combining algorithm is also added to the decision nodes, so that the policy decision point (PDP) can use it when needed.