Role-Based Access Control Models
Computer
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems
Communications of the ACM
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
A Dynamically Typed Access Control Model
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
The transfer of information and authority in a protection system
SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Managing access control policies using access control spaces
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Verifying Enterprise 's Mandatory Access Control Policies with Coloured Petri Nets
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Verification of Business Process Entailment Constraints Using SPIN
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Hi-index | 0.00 |
General access control models enable flexible expression of access control policies, but they make the verification of whether a particular access control configuration is safe (i.e., prevents the leakage of a permission to an unauthorized subject) difficult. The current approach to expressing safety policy in such models is to use constraints. When the constraints are verified, then the configuration is verified to be safe. However, the addition of constraints to an access control configuration significantly increases its complexity, so it quickly becomes difficult to understand the access control policy expressed in the configuration such that future changes can be made correctly. We propose an approach whereby the complexity of each access control configuration is estimated, so the administrators can see the effect of a configuration change on the future ability to maintain the configuration. We identify metrics for making complexity estimates and evaluate these metrics on some constraint examples. Our goal is to enable the use of flexible access control models for safety-critical systems by permitting limited use of constraints that do not complicate the configuration beyond a maintainable complexity.