The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Alcoa: the alloy constraint analyzer
Proceedings of the 22nd international conference on Software engineering
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Verifying information flow goals in security-enhanced Linux
Journal of Computer Security - Special issue on WITS'03
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Journal of Computer Security - Special issue on CSFW15
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Analyzing temporal role based access control models
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Security Analysis of Role-Based Access Control through Program Verification
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Hi-index | 0.00 |
Access control is widely used in large systems for restricting resource access to authorized users. In particular, role based access control (RBAC) is a generalized approach to access control and is well recognized for its many advantages in managing authorization policies. This paper considers user-role reachability analysis of administrative role based access control (ARBAC), which defines administrative roles and specifies how members of each administrative role can change the RBAC policy. Most existing works on user-role reachability analysis assume the separate administration restriction in ARBAC policies. While this restriction greatly simplifies the user-role reachability analysis, it also limits the expressiveness and applicability of ARBAC. In this paper, we consider analysis of ARBAC without the separate administration restriction and present new techniques to reduce the number of ARBAC rules and users considered during analysis. We also present a number of parallel algorithms that speed up the analysis on multi-core systems. The experimental results show that our techniques significantly reduce the analysis time, making it practical to analyze ARBAC without separate administration.