In the present day computing environment, where access control decisions are often dependent on contextual information like the location of the requesting user and the time of access request, Attribute Based Access Control (ABAC) has emerged as a suitable choice for expressing security policies. In an ABAC system, access decisions depend on the set of attribute values associated with the subjects, resources and the environment in which an access request is made. In such systems, the task of managing the set of attributes associated with the entities as well as that of analyzing and understanding the security implications of each attribute assignment is of paramount importance. In this paper, we first introduce a comprehensive attribute based administrative model, named as AMABAC (Administrative Model for ABAC), for ABAC systems and then suggest a methodology for analyzing the security properties of ABAC in the presence of the administrative model. For performing analysis, we use μZ, a SMT (Satisfiability Modulo Theories) based model checking tool. We study the impact of the various components of ABAC and AMABAC on the time taken for security analysis.
Keyphrases