Access control, which provides mechanisms to protect sensitive resources against unauthorized users, is becoming increasingly important for today’s ubiquitous systems. In access control models, the administration of access control policies is a task of paramount importance for distributed systems. A crucial analysis problem is to foresee whether a set of administrators can give a user an unauthorized access permission. In this paper, we consider the analysis problem in the context of administrative role-based access control (ARBAC) and its extension, administrative temporal role-based access control (ATRBAC). In more detail, we present how to design analysis techniques, namely asasp2.1 and asaspTIME2.0 for ARBAC and ATRBAC, respectively, which are based on the ideas of a framework for analyzing infinite state-transition systems. Moreover, we describe how we design heuristics that enable the analysis techniques to scale up to handle large and complex authorization policies. Extensive experimentation shows that the proposed techniques are scalable and that the heuristics play a key role in the success of the analysis tools over well-known analysis techniques.