We address the User Authorization Query problem (UAQ) in Role-Based Access Control (RBAC), which relates to sessions that a user creates to exercise permissions. Prior work has shown that UAQ is intractable (NP-hard). We give a precise formulation of UAQ as a joint optimization problem, and observe that in general, UAQ remains in NP. We then investigate two techniques to mitigate its intractability. (1) We efficiently reduce UAQ to Boolean satisfiability in conjunctive normal form, a well-known NP-complete problem for which solvers exist that are efficient for large classes of instances. We point out that a prior attempt is not a reduction, is inefficient, and provides only limited support for joint optimization. (2) We show that UAQ is fixed-parameter polynomial in the upper-bound set of permissions under reasonable assumptions. We discuss an open-source implementation of (1) and (2), based on which we have conducted an empirical assessment.
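As an added illustration of technique (1), not the paper's encoding or its open-source implementation: a minimal CNF encoding of the decision version of UAQ, assuming the usual formulation in which a session activates a set of roles whose permissions cover a lower bound, stay within an upper bound, and respect dynamic separation-of-duty (DSoD) constraints. The role names, permissions and the exhaustive `solve` function (a stand-in for a SAT solver) are constructed for the example, and the optimization objectives are left out.

```python
from itertools import combinations, product

def uaq_to_cnf(role_perms, p_lb, p_ub, dsod):
    """CNF for the UAQ decision problem; variable i is true when role i is active.
    dsod: list of (role_set, t), meaning fewer than t roles of role_set may be active."""
    roles = sorted(role_perms)
    var = {r: i + 1 for i, r in enumerate(roles)}
    clauses = []
    # Upper bound: a role granting any permission outside p_ub must stay inactive.
    for r in roles:
        if not role_perms[r] <= p_ub:
            clauses.append([-var[r]])
    # Lower bound: every required permission needs at least one active role granting it.
    for p in sorted(p_lb):
        clauses.append([var[r] for r in roles if p in role_perms[r]])
    # DSoD: forbid every t-subset of a constrained role set from being active together.
    for role_set, t in dsod:
        for combo in combinations(sorted(role_set), t):
            clauses.append([-var[r] for r in combo])
    return var, clauses

def solve(var, clauses):
    """Exhaustive satisfiability check; returns a set of roles to activate, or None."""
    names = {i: r for r, i in var.items()}
    for bits in product([False, True], repeat=len(var)):
        holds = lambda lit: bits[abs(lit) - 1] == (lit > 0)
        if all(any(holds(lit) for lit in clause) for clause in clauses):
            return {names[i + 1] for i, b in enumerate(bits) if b}
    return None

# Constructed sample policy (not from the paper).
ROLE_PERMS = {
    "clerk": {"read_invoice", "create_invoice"},
    "approver": {"read_invoice", "approve_invoice"},
    "auditor": {"read_invoice", "read_audit_log"},
    "admin": {"read_invoice", "create_invoice", "approve_invoice", "delete_invoice"},
}
DSOD = [({"clerk", "approver"}, 2)]  # clerk and approver never in the same session

if __name__ == "__main__":
    lb = {"create_invoice", "read_audit_log"}
    ub = {"read_invoice", "create_invoice", "read_audit_log"}
    print(solve(*uaq_to_cnf(ROLE_PERMS, lb, ub, DSOD)))
```

The second query in a typical run, asking for both `create_invoice` and `approve_invoice` without `delete_invoice`, is unsatisfiable: the only roles that could supply both are excluded by the upper bound or by the DSoD constraint.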