Formal authorisation allocation approaches for permission-role assignments using relational algebra operations

Authors:
Hua Wang;Yanchun Zhang;Jinli Cao
Affiliations:
Department of Maths & Computing, University of Southern Queensland, Toowoomba, QLD 4350, Australia;Department of Maths & Computing, University of Southern Queensland, Toowoomba, QLD 4350, Australia;Department of Computer Science & Computer Engineering, La Trobe University, Melbourne, VIC 3086, Australia
Venue:
ADC '03 Proceedings of the 14th Australasian database conference - Volume 17
Year:
2003

Citing 15
Cited 11

On the interaction between role-based access control and relational databases

Proceedings of the tenth annual IFIP TC11/WG11.3 international conference on Database security: volume X : status and prospects: status and prospects
Design systolic systems: Illustrating of regular algorithms on synchronous array processors

Design systolic systems: Illustrating of regular algorithms on synchronous array processors
Decentralized user-role assignment for Web-based intranets

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
An Oracle implementation of the PRA97 model for permission-role assignment

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Onion routing

Communications of the ACM
A role-based access control model and reference implementation within a corporate intranet

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The RSL99 language for role-based separation of duty constraints

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Supporting relationships in access control using role based access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Untraceable off-line electronic cash flow in e-commerce

ACSC '01 Proceedings of the 24th Australasian conference on Computer science
Ticket-based service access scheme for mobile users

ACSC '02 Proceedings of the twenty-fifth Australasian conference on Computer science - Volume 4
Specifying and enforcing access control policies for XML document sources

World Wide Web
An Efficient Divisible Electronic Cash Scheme

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Building a consumer scalable anonymity payment protocol for Internet purchases

RIDE '02 Proceedings of the 12th International Workshop on Research Issues in Data Engineering: Engineering E-Commerce/E-Business Systems (RIDE'02)
A Consumer Scalable Anonymity Payment Scheme with Role-Based Access Control

WISE '01 Proceedings of the Second International Conference on Web Information Systems Engineering (WISE'01) Volume 1 - Volume 1

Ubiquitous computing environments and its usage access control

InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
A framework for role-based group deligation in distributed environments

ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48
Access control management for ubiquitous computing

Future Generation Computer Systems
Advanced Permission-Role Relationship in Role-Based Access Control

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Protecting Information Sharing in Distributed Collaborative Environment

Advanced Web and NetworkTechnologies, and Applications
Delegating revocations and authorizations in collaborative business environments

Information Systems Frontiers
Delegating revocations and authorizations

BPM'07 Proceedings of the 2007 international conference on Business process management
Towards secure XML document with usage control

APWeb'05 Proceedings of the 7th Asia-Pacific web conference on Web Technologies Research and Development
Role-Based delegation with negative authorization

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Secure and efficient information sharing in multi-university E-Learning environments

ICWL'07 Proceedings of the 6th international conference on Advances in web based learning
Protecting disseminative information in E-Learning

ICWL'07 Proceedings of the 6th international conference on Advances in web based learning

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we develop formal authorization allocation algorithms for permission-role assignments. The formal approaches are based on relational structure, relational algebra and operations. The process of permission-role assignments is an important issue in role-based access control (RBAC) as it may modify the authorization level or imply high-level confidential information to be derived when roles are changed and request different permissions. There are two types of problems that may arise in permission-role assignments. One is related to authorization granting process. Conflicting permissions may be granted to a role, and as a result, users with the role may have or derive a high level of authority. Another is related to authorization revocation. When permission is revoked from a role, the role may still have the permission from other roles.To solve the problems, this paper presents an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra operations. The algorithms can be used to check conflicts and therefore to help allocate permissions without compromising the security in RBAC. We describe how to use the new algorithms with an anonymity scalable payment scheme. Finally, comparisons with other related work are discussed.