The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
The role of abduction in declarative authorization policies
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
| Hi-index | 0.00 |
In large organizations, the access control policy is managed by multiple users (administrators). An administrative policy specifies how each user may change the policy. The consequences of an administrative policy are often non-obvious, because sequences of changes by different users may interact in unexpected ways. Administrative policy analysis helps by answering questions such as user-permission reachability, which asks whether specified users can together change the policy in a way that achieves a specified goal, namely, granting a specified permission to a specified user.