Description: The flexibility, scalability, dynamic nature, portability and identity-less features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed as a means to enforce access control in many application domains. However, in order to realize the true benefit of ABAC, it is necessary to develop mechanisms to effectively configure, deploy, maintain, and manage it. Towards this end, this dissertation makes the following four contributions. First, we develop two ABAC policy mining algorithms that utilize existing permissions of users on the resources as well as the attribute information for both users and resources to automatically discover ABAC policies. Next, we develop an approach that can incrementally maintain ABAC policies by appropriately modifying the policy based on updates in permissions and/or user/object attributes. Since commercially viable systems for implementation of ABAC are not widely available, we next address the deployment of ABAC on legacy systems. Specifically, we develop a low-cost approach for the translation of an ABAC policy into a form that can be adopted by an RBAC system. Our fourth and final contribution addresses policy reconciliation and migration in collaborative environments. Specifically, we propose the notion of policy equivalence in ABAC and develop methods to evaluate ABAC policy similarity. We also propose two different approaches for accomplishing policy reconciliation and an approach for policy migration. Together, this work helps organizations to migrate to ABAC from the traditional discretionary access control (DAC), to efficiently maintain it in light of situational changes, to deploy it in legacy systems, and to enable effective collaboration across organizations while respecting their individual security policies.