Security analysis of ABAC under an administrative model

In the present-day computing environment, where access control decisions are often dependent on contextual information like the location of the requesting user and the time of access request, attribute-based access control (ABAC) has emerged as a suitable choice for expressing security policies. In an ABAC system, access decisions depend on the set of attribute values associated with the subjects, resources, and the environment in which an access request is made. In such systems, the task of managing the set of attributes associated with the entities as well as that of analysing and understanding the security implications of each attribute assignment is of paramount importance. Here, the authors first introduce a comprehensive attribute-based administrative model, named as AMABAC ( A dministrative M odel for ABAC ), for ABAC systems and then suggest a methodology for analysing the security properties of ABAC in the presence of the administrative model. For performing analysis, the authors use μZ , a satisfiability modulo theories-based model checking tool. The authors study the impact of the various components of ABAC and AMABAC on the time taken for security analysis.