Authors:
Marius Schlegel and Peter Amthor
Affiliation:
Technische Universität Ilmenau, Germany
Keyword(s):
Security Engineering, Security Policies, Attribute-based Access Control Models, ABAC, Security Models, Reachability Property, Dynamic Analysis, Heuristic Safety Analysis, Formal Methods.
Abstract:
Attribute-based access control (ABAC) has made its way into the mainstream of engineering secure IT systems. At the same time, ABAC models are still lagging behind well-understood, yet more basic access control models in terms of dynamic analyzability. This has led to a plethora of methods, languages, and tools for designing and integrating ABAC policies, but only a few to formally reason about them in the process. We present DABAC, a modeling scheme to pick up that missing piece and put it right into its place in the security engineering workflow. Based on an automaton calculus, we demonstrate how DABAC can be leveraged as a holistic formal basis for engineering ABAC models, analyzing their dynamic properties, and providing a functional specification for their implementation. This sets the stage for comprehensive tool support in building future ABAC systems.