On the Construction and Verification of Self-modifying Access Control Policies
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
A secure collaboration service for dynamic virtual organizations
Information Sciences: an International Journal
Automatic conformance checking of role-based access control policies via alloy
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Validation of security-design models using Z
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Formalising and validating RBAC-to-XACML translation using lightweight formal methods
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Hi-index | 0.00 |
Role-based access control (RBAC) has emerged as the dominant access control paradigm for service-oriented systems, with this dominance being reflected by the popularity of RBAC both with the research community and with information technology vendors. RBAC's dominance was solidified in 2004 when an American National Standards Institute standard for RBAC was approved. In this paper, we consider some of the drawbacks of this standard and show how the formal description technique, Z, has been used to underpin a model of RBAC. The model builds on the work of Li et al. and adopts a modular approach. In particular, we consider the relationships between different types of inheritance within our model. We show our model can be used to define a notion of equivalence between different RBAC systems. Finally, we show how—via our model—a particular RBAC system can be normalized to produce a simpler—but semantically equivalent—representation. We illustrate this process via two examples.