We present a theory for comparing the expressive power of access control models. The theory is based on simulations that preserve security properties. We perceive access control systems as state-transition systems and present two kinds of simulations, reductions and state-matching reductions. In applying the theory, we highlight four new results and discuss these results in the context of other results that can be inferred or are known. One result indicates that the access matrix scheme due to Harrison, Ruzzo and Ullman is limited in its expressive power when compared with a trust-management scheme, thereby formally establishing a conjecture from the literature. A second result is that a particular RBAC (Role-Based Access Control) scheme, ARBAC97, may be limited in its expressive power, thereby countering claims in the literature that RBAC is more expressive than DAC (Discretionary Access Control). A third result demonstrates that the ability to check for the absence of rights (in addition to the presence of rights) can cause a scheme to be more expressive. A fourth result is that a trust-management scheme is at least as expressive as RBAC with a particular administrative scheme (the URA97 component of ARBAC97).