Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named as RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μ z tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.

在过去的几年里，已经做出了一些努力来使用传统的访问控制（例如基于角色的访问控制 (RBAC) 等）和基于属性的访问控制 (ABAC) 来规范和实施灵活和动态的访问控制策略。最近，开发了一个名为 MPBAC（基于元策略的访问控制）的统一框架，以支持异构访问控制策略（如 ABAC、RBAC 和策略组合（如 ABAC 和 RBAC））的规范和执行。然而，一个重要的限制是没有为异构访问控制策略开发完整的管理模型。在本文中，我们展示了一个完整的基于角色的管理模型（称为 RAMHAC），用于管理异构访问控制策略。μ z 工具。行政模型包括广泛的行政关系、命令、前约束和后约束。全面的实验评估证明了所提出方法的可扩展性。