An efficient framework for user authorization queries in RBAC systems

Authors:
Guneshi T. Wickramaarachchi;Wahbeh H. Qardaji;Ninghui Li
Affiliations:
Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 7
Cited 4

Temporal hierarchies and inheritance semantics for GTRBAC

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Proceedings of the eleventh ACM symposium on Access control models and technologies
On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security (TISSEC)
Visualizing SAT Instances and Runs of the DPLL Algorithm

Journal of Automated Reasoning
A Critique of the ANSI Standard on Role-Based Access Control

IEEE Security and Privacy
UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

Proceedings of the 13th ACM symposium on Access control models and technologies
On solving the partial MAX-SAT problem

SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing

Role updating for assignments

Proceedings of the 15th ACM symposium on Access control models and technologies
Set covering problems in role-based access control

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Efficient run-time solving of RBAC user authorization queries: pushing the envelope

Proceedings of the second ACM conference on Data and Application Security and Privacy
Mitigating the intractability of the user authorization query problem in role-based access control (RBAC)

NSS'12 Proceedings of the 6th international conference on Network and System Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The User Authorization Query (UAQ) Problem for RBAC, introduced by Zhang and Joshi, is to determine the set of roles to be activated in a single session for a particular set of permissions requested by the user. This set of roles must satisfy constraints that prevent certain combinations of roles to be activated in one session, and should follow the least privilege principle. We show that the existing approach to the UAQ problem is inadequate, and propose two approaches for solving the UAQ problem. In the first approach, we develop algorithms that use the backtracking-based search techniques developed in the artificial intelligence community. In the second approach, we reduce the problem to the MAXSAT problem which can be solved using available SAT solvers. We have implemented both approaches and experimentally evaluated them.