Formal Authorization Allocation Approaches for Role-Based Access Control Based on Relational Algebra Operations

Quantified Score

Visualization

Abstract

In this paper, we develop formal authorization allocationalgorithms for role-based access control (RBAC). Theformal approaches are based on relational structure, andrelational algebra and operations. The process of user-roleassignments is an important issue in RBAC because it maymodify the authorization level or imply high-level confidentialinformation to be derived while users change positionsand request different roles. There are two types of problemswhich may arise in user-role assignment. One is related toauthorization granting process. When a role is granted to auser, this role may be conflict with other roles of the user ortogether with this role; the user may have or derive a highlevel of authority. Another is related to authorization revocation.When a role is revoked from a user, the user maystill have the role from other roles.To solve the problems, this paper presents an authorizationgranting algorithm, and weak revocation and strongrevocation algorithms that are based on relational algebra.The algorithms can be used to check conflicts and thereforeto help allocate the roles without compromising the securityin RBAC. We describe how to use the new algorithms withan anonymity scalable payment scheme. Finally, comparisonswith other related work are discussed.