Security Analysis of ABAC under an Administrative Model.
作者信息
Jha Sadhana, Sural Shamik, Atluri Vijayalakshmi, Vaidysa Jaideep
机构信息
Advanced Technology Development Center, Indian Institute of Technology, Kharagpur, India.
Department of Computer Science & Engineering, Indian Institute of Technology, Kharagpur, India.
出版信息
IET Inf Secur. 2019 Mar;13(2):96-103. doi: 10.1049/iet-ifs.2018.5010. Epub 2018 Oct 23.
In the present day computing environment, where access control decisions are often dependent on contextual information like the location of the requesting user and the time of access request, Attribute Based Access Control (ABAC) has emerged as a suitable choice for expressing security policies. In an ABAC system, access decisions depend on the set of attribute values associated with the subjects, resources and the environment in which an access request is made. In such systems, the task of managing the set of attributes associated with the entities as well as that of analyzing and understanding the security implications of each attribute assignment is of paramount importance. In this paper, we first introduce a comprehensive attribute based administrative model, named as AMABAC (Administrative Model for ABAC), for ABAC systems and then suggest a methodology for analyzing the security properties of ABAC in the presence of the administrative model. For performing analysis, we use Z, a SMT (Satisfiability Modulo Theories) based model checking tool. We study the impact of the various components of ABAC and AMABAC on the time taken for security analysis.
Zotero 插件