The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
The computational complexity of propositional STRIPS planning
Artificial Intelligence
Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A Linear Time Algorithm for Deciding Subject Security
Journal of the ACM (JACM)
Alcoa: the alloy constraint analyzer
Proceedings of the 22nd international conference on Software engineering
Protection in operating systems
Communications of the ACM
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Information flow analysis of an RBAC system
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Using Event Calculus to Formalise Policy Specification and Analysis
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Analyzing consistency of security policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Verifying information flow goals in security-enhanced Linux
Journal of Computer Security - Special issue on WITS'03
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Towards realizing a formal RBAC model in real systems
Proceedings of the 12th ACM symposium on Access control models and technologies
Journal of Computer Security - Special issue on CSFW15
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Information and Computation
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Parallel non-binary planning in polynomial time
IJCAI'91 Proceedings of the 12th international joint conference on Artificial intelligence - Volume 1
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Secure interoperation design in multi-domains environments based on colored Petri nets
Information Sciences: an International Journal
Symbolic backward reachability with effectively propositional logic
Formal Methods in System Design
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Journal of Computer Security - STM'10
| Hi-index | 5.23 |
Role-Based Access Control (RBAC) is a widely used model for expressing access control policies. In large organizations, the RBAC policy may be collectively managed by many administrators. Administrative RBAC (ARBAC) models express the authority of administrators, thereby specifying how an organization's RBAC policy may change. Changes by one administrator may interact in unintended ways with changes by other administrators. Consequently, the effect of an ARBAC policy is hard to understand by simple inspection. In this paper, we consider the problem of analyzing ARBAC policies. Specifically, we consider reachability properties (e.g., whether a user can eventually be assigned to a role by a group of administrators), availability properties (e.g., whether a user cannot be removed from a role by a group of administrators), containment properties (e.g., every member of one role is also a member of another role) satisfied by a policy, and information flow properties. We show that reachability analysis for ARBAC is PSPACE-complete. We also give algorithms and complexity results for reachability and related analysis problems for several categories of ARBAC policies, defined by simple restrictions on the policy language. Some of these results are based on the connection we establish between security policy analysis and planning problems in Artificial Intelligence.