In large organizations, the administration of access privileges (such as the assignment of an access right to a user in a particular role) is handled cooperatively by distributed administrators acting in different capacities. A quorum may be necessary, or a veto may be possible, for such a decision. In this paper we present two major contributions. First, we develop a Role-Based Access Control (RBAC) approach for specifying distributed administration requirements and procedures between administrators or administration teams, extending earlier work on distributed (modular) authorization. While a comprehensive specification in such a language is conceivable, it would be quite tedious in practice to evaluate or analyze its operational aspects and properties. Second, for this reason, we create a new class of extended Petri Nets called Administration Nets, such that any RBAC specification of (cooperative) administration requirements (given in terms of predicate logic formulas) can be embedded into an Administration Net. This net behaves within the constraints specified by the logical formulas and, at the same time, explicitly exhibits all the operational details needed for an efficient and comprehensive formal analysis of administrative behavior. We introduce the new concepts and illustrate their use in several examples. While Administration Nets are much more refined and (behaviorally) explicit than workflow systems, our work also provides a constructive step towards novel workflow management tools.