Fong, Philip
Rizvi, Syed Zain
2015-09-16
2015-09-16
2015
http://hdl.handle.net/11023/2459

Relationship-Based Access Control (ReBAC) is a general-purpose access control paradigm for application domains in which authorization must take into account the relationship between the access requestor and the resource owner. This thesis presents an evolution of Fong's ReBAC model in two steps. First, I formalize and extend the first-time implementation of ReBAC into a production-scale medical records system, OpenMRS. This extension incorporates sophisticated authorization schemes recently proposed in the literature, as well as a performance evaluation of these schemes. Second, the model is further extended to incorporate the notion of demarcations and authorization-time constraints. These extensions allow ReBAC to interoperate with legacy Role-Based Access Control at a fine-grained level, and significantly increase the expressiveness of the model. Also presented are the design of two authorization procedures (one of which has an algorithmic structure akin to an SMT solver) along with optimization techniques.

eng

University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.

Computer Science; Access Control; relationship predicate; protection state; access control model; authorization principal; relationship based access control; authorization procedure; lazy evaluation; role based access control; demarcation hierarchy; lazy authorization procedure; authorization graph; papr constraint; strict grant semantic; hybrid logic formula; hybrid logic; rebac model; eager evaluation; meap constraint; predicate value caching; privilege requirement; Language Policy; authorization decision; model checking; open source medical record system; access control policy; Social Network; ReBAC2015

ReBAC2015: Interoperability of Relationship- and Role-Based Access Control
master thesis
10.11575/PRISM/27553