Sciweavers

SACMAT
2009
ACM

Symbolic reachability analysis for parameterized administrative role based access control

13 years 9 months ago
Symbolic reachability analysis for parameterized administrative role based access control
Role based access control (RBAC) is a widely used access control paradigm. In large organizations, the RBAC policy is managed by multiple administrators. An administrative role based access control (ARBAC) policy specifies how each administrator may change the RBAC policy. It is often difficult to fully understand the effect of an ARBAC policy by simple inspection, because sequences of changes by different administrators may interact in unexpected ways. ARBAC policy analysis algorithms can help by answering questions, such as user-role reachability, which asks whether a given user can be assigned to given roles by given administrators. Allowing roles and permissions to have parameters significantly enhances the scalability, flexibility, and expressiveness of ARBAC policies. This paper defines PARBAC, which extends the classic ARBAC97 model to support parameters, and presents an analysis algorithm for PARBAC. To the best of our knowledge, this is the first analysis algorithm sp...
Scott D. Stoller, Ping Yang, Mikhail I. Gofman, C.
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SACMAT
Authors Scott D. Stoller, Ping Yang, Mikhail I. Gofman, C. R. Ramakrishnan
Comments (0)