A Comparison Among Policy Editors for Attributed Based Access Control Model

Attribute Based Access Control is a widely used access control model, which regulates the access to the resources by evaluating security policies which contain a number of attributes related to the subject, the object and the environment distinguishing thus from a simple access control list or a role-based model. Although, the dynamicity of today's environments requires security policies that consider a large set of attributes and conditions, making thus the policy writing an error-prone procedure. Existing policy editors are usually targeted to one particular framework and satisfy the needs of this application environment without providing the possibility of a more general use. In this paper we provide a comparison among the most known ABAC policy editors and their characteristics. Moreover, we propose an extension of one of those editors aiming at providing a more general and simple environment which supports the definition not only of attribute based access control policies, but also for Usage Control policies.