Relationship-based access control (ReBAC) policies can express intricate protection requirements in terms of relationships among users and resources (which can be modeled as a graph). Such policies are useful in domains beyond online social networks. However, given the updating graph of users and resources in a system and expressive conditions in access control policy rules, it can be very challenging for security administrators to envision what can (or cannot) happen as the protection system evolves. For example, if we use ReBAC in a medical domain, can we reason that at any time in the future all involved physicians in a treatment case can have full access to the treatment data?
We introduce the security analysis problem for this class of policies, using which we seek to answer security queries about future states of the system graph and authorizations that are decided accordingly.
- A. Masoumzadeh, “Security Analysis of Relationship-Based Access Control Policies,” in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, 2018, pp. 186–195.