TY - JOUR
T1 - A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis
AU - Singh, Mahendra Pratap
AU - Sural, Shamik
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
N1 - Funding Information: Research reported in this publication was supported by the National Science Foundation under awards CNS-1564034, CNS-1624503, CNS-1747728 and the National Institutes of Health under awards R01GM118574 and R35GM134927. The work of Shamik Sural was partially supported by the Fulbright Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. Publisher Copyright: © 2021, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2021
Y1 - 2021
N2 - Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μZ tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.
AB - Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μZ tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.
KW - ABAC
KW - Administrative model
KW - Fixed-point analysis
KW - MPBAC
KW - RBAC
KW - Security analysis
UR - http://www.scopus.com/inward/record.url?scp=85110933889&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85110933889&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/s10796-021-10167-z
DO - https://doi.org/10.1007/s10796-021-10167-z
M3 - Article
JO - Information Systems Frontiers
JF - Information Systems Frontiers
SN - 1387-3326
ER -