Abstract
In the modern computing era, access to resources is often restricted through contextual information and the attributes of users, objects and various other entities. Attribute-Based Access Control (ABAC) can capture those requirements as a policy, but it is not yet adopted like Role Based Access Control (RBAC) due to lack of a comprehensive administrative model. In the last few years, several efforts have been made to combine ABAC with RBAC, but they are limited to specification and enforcement only. Recently, we have presented a unified framework along with a role based administrative model that enables specification, enforcement and maintenance of unified access control policies, such as ABAC, RBAC and Meta-Policy Based Access Control (MPBAC). This paper describes role-based administrative model components and then present a methodology which uses a fixed-point based approach for verifying the security properties (like safety and liveness) of those policies in the presence of the administrative model. We also analyse the impact of ABAC, RBAC, MPBAC and administrative model components on the time taken for security analysis. Experimental results demonstrate that the proposed approach is scalable as well as effective.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
