Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management - DIM '13
Attribute-based access control (ABAC) is well-known and increasingly prevalent. Nonetheless, administration of attributes is not well-studied so far. Recently, the Generalized User-Role Assignment model (GURA) was proposed to provide ARBAC97-style (administrative role-based access control) administration of user attributes. An attribute is simply a name-value pair, examples of which include clearance, group and affiliations. In GURA, user attributes are collectively administered by different
... red by different administrative roles to enable distributed administration. Given an administrative policy that specifies the conditions under which administrative roles can modify user attributes, it is useful to understand whether an attribute of a particular user can reach a specific value because user attributes are used for security-sensitive activities such as authentication, authorization and audit. In this paper, we study the user-attribute reachability problems in a restricted GURA model called rGURA. We formalize rGURA as a state transition system and show that the reachability problems for its general cases are PSPACE-complete. However, we do find polynomial-time solutions to reachability problems for limited versions of rGURA that are still useful in practice. The algorithms not only answer reachability problem but also provide a plan of sequential attribute updates by one or more administrators in order to reach particular values for user attributes. rGURA is relatively simple and practical. It is likely that other proposals will subsume the functionality of rGURA and thereby subsume its complexity results.