The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
The computational complexity of propositional STRIPS planning
Artificial Intelligence
Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protection in operating systems
Communications of the ACM
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Lattice-Based Access Control Models
Computer
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
An Approach for Modeling and Analysis of Security System Architectures
IEEE Transactions on Knowledge and Data Engineering
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Secure attribute-based systems
Proceedings of the 13th ACM conference on Computer and communications security
Authorisation Using Attributes from Multiple Authorities
WETICE '06 Proceedings of the 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Detecting and resolving policy misconfigurations in access-control systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Symbolic reachability analysis for parameterized administrative role based access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Relationships between nondeterministic and deterministic tape complexities
Journal of Computer and System Sciences
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Attribute-Based authentication and authorisation infrastructures for e-commerce providers
EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies
Abductive analysis of administrative policies in rule-based access control
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Access control: principle and practice
IEEE Communications Magazine
Automated and efficient analysis of role-based access control with attributes
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A unified attribute-based access control model covering DAC, MAC and RBAC
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A role-based administration model for attributes
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Hi-index | 0.00 |
Attribute-based access control (ABAC) is well-known and increasingly prevalent. Nonetheless, administration of attributes is not well-studied so far. Recently, the Generalized User-Role Assignment model (GURA) was proposed to provide ARBAC97-style (administrative role-based access control) administration of user attributes. An attribute is simply a name-value pair, examples of which include clearance, group and affiliations. In GURA, user attributes are collectively administered by different administrative roles to enable distributed administration. Given an administrative policy that specifies the conditions under which administrative roles can modify user attributes, it is useful to understand whether an attribute of a particular user can reach a specific value because user attributes are used for security-sensitive activities such as authentication, authorization and audit. In this paper, we study the user-attribute reachability problems in a restricted GURA model called rGURA. We formalize rGURA as a state transition system and show that the reachability problems for its general cases are PSPACE-complete. However, we do find polynomial-time solutions to reachability problems for limited versions of rGURA that are still useful in practice. The algorithms not only answer reachability problem but also provide a plan of sequential attribute updates by one or more administrators in order to reach particular values for user attributes. rGURA is relatively simple and practical. It is likely that other proposals will subsume the functionality of rGURA and thereby subsume its complexity results.