Specification and Analysis of ABAC Policies via the Category-Based Metamodel

Fernandez, Maribel; Mackie, Ian; Thuraisingham, Bhavani

View/Open

Link to Article (184.2Kb)

Date

2019-03-25

Author

Fernandez, Maribel

Mackie, Ian

Thuraisingham, Bhavani

Metadata

Show full item record

Abstract

The Attribute-Based Access Control (ABAC) model is one of the most powerful access control models in use. It subsumes popular models, such as the Role-Based Access Control (RBAC) model, and can also enforce dynamic policies where authorisations depend on values of user, resource or environment attributes. However, in its general form, ABAC does not lend itself well to some operations, such as review queries, and ABAC policies are in general more difficult to specify and analyse than simpler RBAC policies. In this paper we propose a formal specification of ABAC in the category-based metamodel of access control, which adds structure to ABAC policies, making them easier to design and understand. We provide an axiomatic and an operational semantics for ABAC policies, and show how to use them to analyse policies and evaluate review queries.

URI

http://dx.doi.org/10.1145/3292006.3300033
https://hdl.handle.net/10735.1/8760

Collections

Thuraisingham, Bhavani M.