Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC99 Model for Administration of Roles
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Understanding and developing role-based administrative models
Proceedings of the 12th ACM conference on Computer and communications security
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Analyzing recursive programs using a fixed-point calculus
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Security Analysis of Role-Based Access Control through Program Verification
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Hi-index | 0.00 |
Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. We undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies.