Role engineering (RE) aims to develop and maintain appropriate role-based access control (RBAC) configurations. However, RE with constraints in place is not well studied. Constraints usually describe organizations' security and business requirements. An inconsistency between configurations and constraints compromises security and availability, as it may authorize otherwise forbidden access and deprive users of due privileges. In this paper, we apply answer set programming (ASP) to discover RBAC configurations that comply with constraints and meet various optimization objectives. We first formulate the need to support constraints as a problem that is independent of, and complementary to, existing RE problems. We then present a flexible framework for translating the proposed problem into ASP programs. In this way, the problem can be addressed via ASP solvers. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.