Specification and Analysis of ABAC Policies via the Category-Based Metamodel

Date

2019-03-25

Publisher

Assoc Computing Machinery

Abstract

The Attribute-Based Access Control (ABAC) model is one of the most powerful access control models in use. It subsumes popular models, such as the Role-Based Access Control (RBAC) model, and can also enforce dynamic policies where authorisations depend on values of user, resource or environment attributes. However, in its general form, ABAC does not lend itself well to some operations, such as review queries, and ABAC policies are in general more difficult to specify and analyse than simpler RBAC policies. In this paper we propose a formal specification of ABAC in the category-based metamodel of access control, which adds structure to ABAC policies, making them easier to design and understand. We provide an axiomatic and an operational semantics for ABAC policies, and show how to use them to analyse policies and evaluate review queries.

Keywords

Computers—Access control, Computer science

Rights

©2019 The Authors
