Role-Based Access Control Models
Computer
Reconciling role based management and role based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Efficiency of a Good But Not Linear Set Union Algorithm
Journal of the ACM (JACM)
Simplification by Cooperating Decision Procedures
ACM Transactions on Programming Languages and Systems (TOPLAS)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
A Model for Attribute-Based User-Role Assignment
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Rule-Based RBAC with Negative Authorization
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Automated verification of access control policies using a SAT solver
International Journal on Software Tools for Technology Transfer (STTT)
Research on Description Logic Based Conflict Detection Methods for RB-RBAC Model
Proceedings of the 2006 conference on Advances in Intelligent IT: Active Media Technology 2006
EXAM: a comprehensive environment for the analysis of access control policies
International Journal of Information Security
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Expressive and Deployable Access Control in Open Web Service Applications
IEEE Transactions on Services Computing
Satisfiability modulo theories: introduction and applications
Communications of the ACM
Automated symbolic analysis of ARBAC-policies
STM'10 Proceedings of the 6th international conference on Security and trust management
An efficient decision procedure for UTVPI constraints
FroCoS'05 Proceedings of the 5th international conference on Frontiers of Combining Systems
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
| Hi-index | 0.00 |
We consider an extension of the Role-Based Access Control model in which rules assign users to roles based on attributes. We consider an open (allow-by-default) policy approach in which rules can assign users negated roles thus preventing access to the permissions associated to the role. The problems of detecting redundancies and inconsistencies are formally stated. By expressing the conditions on the attributes in the rules with formulae of theories that can be efficiently decided by Satisfiability Modulo Theories (SMT) solvers, we characterize the decidability and complexity of the problems of detecting redundancies and inconsistencies. The proof of the result is constructive and based on an algorithm that repeatedly solves SMT problems. An experimental evaluation with synthetic benchmark problems shows the practical viability of our technique.