Specification and Analysis of Attribute-Based Access Control Policies: An Overview

Attribute-based access control (ABAC) is a new generation of access control techniques. It enables fine-grained access control by using various attributes of authorization elements, facilitates collaborative policy administration within a large enterprise or across multiple organizations, and allows for decoupling of access control policies from application logic. Nevertheless, ABAC-based systems can be very complex to manage. High expressiveness of ABAC specifications also increases the possibility of having defects. Therefore testing and verification are important for assuring that ABAC policies are specified and enforced correctly. This paper presents an overview of the existing work on specification, dynamic testing, and static verification of ABAC policies. It not only summarizes the up-to-date research progresses, but also provides an understanding about the limitations and open issues of the existing work. It is expected to serve as useful guidelines for future research.