Abstract
The Attribute-Based Access Control (ABAC) model is one of the most powerful access control models in use. It subsumes popular models, such as the Role-Based Access Control (RBAC) model, and can also enforce dynamic policies where authorisations depend on values of user, resource or environment attributes. However, in its general form, ABAC does not lend itself well to some operations, such as review queries, and ABAC policies are in general more difficult to specify and analyse than simpler RBAC policies. In this paper we propose a formal specification of ABAC in the category-based metamodel of access control, which adds structure to ABAC policies, making them easier to design and understand. We provide an axiomatic and an operational semantics for ABAC policies, and show how to use them to analyse policies and evaluate review queries.
Cite
Fernández, M., Mackie, I., & Thuraisingham, B. (2019). Specification and analysis of ABAC policies via the category-based metamodel. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (pp. 173–184). Association for Computing Machinery, Inc. https://doi.org/10.1145/3292006.3300033