A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis

Mahendra Pratap Singh, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri

Research output: Contribution to journalArticlepeer-review

Abstract

Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μ z tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.

Original languageEnglish (US)
JournalInformation Systems Frontiers
DOIs
StateAccepted/In press - 2021

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Information Systems
  • Computer Networks and Communications

Keywords

  • ABAC
  • Administrative model
  • Fixed-point analysis
  • MPBAC
  • RBAC
  • Security analysis

Fingerprint

Dive into the research topics of 'A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis'. Together they form a unique fingerprint.

Cite this