The complexity of propositional linear temporal logics
Journal of the ACM (JACM)
On the synthesis of a reactive module
POPL '89 Proceedings of the 16th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protection in operating systems
Communications of the ACM
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Administrative scope: A foundation for role-based administrative models
ACM Transactions on Information and System Security (TISSEC)
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
The ARBAC99 Model for Administration of Roles
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Alternating-time Temporal Logic
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
On Safety in Discretionary Access Control
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A reference monitor for workflow systems with constrained task execution
Proceedings of the tenth ACM symposium on Access control models and technologies
An effective role administration model using organization structure
ACM Transactions on Information and System Security (TISSEC)
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Extended privilege inheritance in RBAC
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
On the Decidability of the Safety Problem for Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Synthesising verified access control systems through model checking
Journal of Computer Security
Symbolic reachability analysis for parameterized administrative role based access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Insider Threats in Cyber Security
Insider Threats in Cyber Security
Modelling dynamic access control policies for web-based collaborative systems
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Runtime Verification for LTL and TLTL
ACM Transactions on Software Engineering and Methodology (TOSEM)
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A privacy-aware access control model for distributed network monitoring
Computers and Electrical Engineering
| Hi-index | 0.00 |
In "administrative" access control, policy controls permissions not just on application actions, but also on actions to modify permissions, on actions to modify permissions on those actions, and so on. One context of work in administrative policy is "administrative RBAC", in which policy controls the permissions of roles, the membership of roles, and other elements of RBAC access-control state. Here we study and extend the UARBAC model for administrative RBAC from the perspective of usability and expressiveness. Using tools from logic and program verification, we formulate UARBAC logically and develop an algorithm that produces "administrative plans" that achieve specified permissions through permitted actions. This work is closely related to work on the safety problem in administrative access control, but is intended to aid legitimate users in understanding how to achieve a desired access-control state. We then show how this machinery can be used so that administrative actions at any desired depth, and so plans as well, can be uniformly simulated in the existing UARBAC model.