Attribute-based access control (ABAC) models are widely used to provide
fine-grained and adaptable authorization based on the attributes of users,
resources, and other relevant entities. Hierarchial group and attribute based
access control (HGABAC) model was recently proposed which introduces the novel
notion of attribute inheritance through group membership. GURAG was
subsequently proposed to provide an administrative model for user attributes in
HGABAC, building upon the ARBAC97 and GURA administrative models. The GURA
model uses administrative roles to manage user attributes. The reachability
problem for the GURA model is to determine what attributes a particular user
can acquire, given a predefined set of administrative rules. This problem has
been previously analyzed in the literature. In this paper, we study the user
attribute reachability problem based on directly assigned attributes of the
user and attributes inherited via group memberships. We first define a
restricted form of GURAG, called rGURAG scheme, as a state transition system
with multiple instances having different preconditions and provide reachability
analysis for each of these schemes. In general, we show PSPACE-complete
complexity for all rGURAG schemes. We further present polynomial time
algorithms to solve special instances of rGURAG schemes under restricted

By admin