Attribute-based access control policy analysis using automated planning technique

The paper considers the problem of testing the possibility of a user of an information system gaining access to the selected object with a given attribute-based security policy. It is shown that under some restrictions on information system model and policy rules, this task is reduced to the task of automated planning. There is a tree structure determined, the construction of which corresponds to planning in the space of plans and allows to take into account the specifics of the problem when constructing heuristic algorithms for checking access. It is proved that the existence of such a structure is a necessary and sufficient condition for the possibility of getting an access to the target.