Title :
Specification and Analysis of Attribute-Based Access Control Policies: An Overview
Author :
Dianxiang Xu ; Yunpeng Zhang
Author_Institution :
Dept. of Comput. Sci., Boise State Univ., Boise, ID, USA
fDate :
June 30 2014-July 2 2014
Abstract :
Attribute-based access control (ABAC) is a new generation of access control techniques. It enables fine-grained access control by using various attributes of authorization elements, facilitates collaborative policy administration within a large enterprise or across multiple organizations, and allows for decoupling of access control policies from application logic. Nevertheless, ABAC-based systems can be very complex to manage. High expressiveness of ABAC specifications also increases the possibility of having defects. Therefore testing and verification are important for assuring that ABAC policies are specified and enforced correctly. This paper presents an overview of the existing work on specification, dynamic testing, and static verification of ABAC policies. It not only summarizes the up-to-date research progresses, but also provides an understanding about the limitations and open issues of the existing work. It is expected to serve as useful guidelines for future research.
Keywords :
authorisation; formal specification; formal verification; ABAC policies; ABAC policy dynamic testing; ABAC policy specification; ABAC policy static verification; ABAC-based systems; application logic; attribute-based access control policies; authorization elements; collaborative policy administration; fine-grained access control; Abstracts; Authorization; Prediction algorithms; Set theory; Specification languages; Testing; access control; attribute-based access control; specification; testing; verification;
Conference_Titel :
Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on
Conference_Location :
San Francisco, CA
DOI :
10.1109/SERE-C.2014.21
