2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC) (2016)
Pittsburgh, Pennsylvania, United States
Nov. 1, 2016 to Nov. 3, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CIC.2016.022
Attribute-based Access Control (ABAC) has been emerging as a suitable choice for large and federated enterprises due to its flexibility in expressing various types of security policies. Improved flexibility, however, results in higher design complexity and, consequently, the possibility of undesired flow of information. The reliance of access decisions on the attribute values of subjects, objects and environment underscores the need for a formal way of managing attribute assignment in ABAC systems. Since large enterprises potentially have hundreds of subjects and thousands of resources, centralized management of attribute assignment is inexpedient. This paper introduces an attribute-based administrative model that supports decentralized administration of ABAC systems. The proposed model consists of a number of operations to administer the set of subjects and the set of subject attribute assignments in an ABAC system. We then suggest a methodology for analyzing the security properties of ABAC using the Alloy Analyzer in the presence of the proposed administrative model.
Analytical models, Authorization, Collaboration, Metals, Safety
S. Jha, S. Sural, V. Atluri and J. Vaidya, "An Administrative Model for Collaborative Management of ABAC Systems and Its Security Analysis," 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), Pittsburgh, Pennsylvania, United States, 2016, pp. 64-73.