IBAC Mathematics and Mechanics: The Case for 'Integer Based Access Control' of Data Security in the Age of AI and AI Automation

TL;DR

This paper introduces Integer-Based Access Control (IBAC), a mathematically grounded method for fast, efficient, and flexible data security filtering suitable for AI, databases, and document authorization, extending traditional models.

Contribution

The paper presents IBAC, a novel security model using integer tokens for rapid, flexible data access control, extending the Bell-LaPadula model with a new process constraint.

Findings

IBAC enables high-speed row-level data filtering.

IBAC supports federated authorization across diverse systems.

The extended Bell-LaPadula model improves security and flexibility.

Abstract

Current methods for data access control, especially regarding AI and AI automation, face unique challenges in ensuring appropriate data access. We introduce Integer-Based Access Control (IBAC), addressing the limitations of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). IBAC's mathematical foundations enable its application to relational and NoSQL databases, as well as document authorization. We demonstrate IBAC's suitability for filtering relational database row-level information and AI and NLP access based on separation of duty, supporting both "need to know" and "need to share" data restrictions. IBAC uses security tokens, which are integers representing aggregated security attributes. These tokens maintain orthogonality across encoded attributes but are stored as integers for fast real-time vector comparison and efficient dominance testing. This mechanism allows high-speed row-level result filtering, ensuring unauthorized records are excluded before results reach the requester. We extend the Bell-LaPadula model by incorporating a "process constraint," overcoming RBAC and ABAC limitations with reduced complexity, increased flexibility, and enhanced performance in data filtering. Our theorems demonstrate the extended Dominance relationship, facilitating rapid federated authorization across diverse databases and file systems. This work reaffirms the practical strength of the Bell-LaPadula model in data security through (1) our mathematical extension, (2) a novel IBAC security attribute encoding scheme, and (3) a simplified dominance testing mechanism for security tokens without decoding.