In the present day computing environment, where access control decisions are often dependent on contextual information like the location of the requesting user and the time of access request, Attribute Based Access Control (ABAC) has emerged as a suitable choice for expressing security policies. In an ABAC system, access decisions depend on the set of attribute values associated with the subjects, resources and the environment in which an access request is made. In such systems, the task of managing the set of attributes associated with the entities as well as that of analyzing and understanding the security implications of each attribute assignment is of paramount importance. In this paper, we first introduce a comprehensive attribute based administrative model, named as AMABAC (Administrative Model for ABAC), for ABAC systems and then suggest a methodology for analyzing the security properties of ABAC in the presence of the administrative model. For performing analysis, we use μZ, a SMT (Satisfiability Modulo Theories) based model checking tool. We study the impact of the various components of ABAC and AMABAC on the time taken for security analysis.

中文翻译：

---

管理模型下ABAC的安全性分析

在当今的计算环境中，访问控制决策通常取决于上下文信息，例如发出请求的用户的位置和访问请求的时间，基于属性的访问控制（ABAC）已经成为表达安全策略的合适选择。在ABAC系统中，访问决策取决于与主题，资源和发出访问请求的环境相关的一组属性值。在这样的系统中，管理与实体相关联的属性集以及分析和理解每个属性分配的安全隐患的任务至关重要。在本文中，我们首先介绍一个基于属性的综合管理模型，称为AMABAC（ABAC的管理模型），对于ABAC系统，然后提出一种在存在管理模型的情况下分析ABAC安全属性的方法。为了执行分析，我们使用基于SMT（可满足性模理论）的模型检查工具μZ。我们研究了ABAC和AMABAC的各个组成部分对安全性分析所花费的时间的影响。