A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Proceedings of the 2004 ACM symposium on Applied computing
Distributed and Parallel Databases
International Journal of Information and Computer Security
The separation of duty with privilege calculus
RSKT'08 Proceedings of the 3rd international conference on Rough sets and knowledge technology
Reasoning about dynamic delegation in role based access control systems
DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I
Logic based authorization program and its implementation
Proceedings of the 4th international conference on Security of information and networks
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I
A network security policy model and its realization mechanism
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
| Hi-index | 0.00 |
The RBAC96 access control model has been the basisfor extensive work on role-based constraint specificationand role-based delegation. However, these practical extensionscan also lead to conflicts at compile and run-time. Wedemonstrate, following a rule-based, declarative approach,how conflicts between specified Separation of Duty constraintsand delegation activities can be detected. This approachalso demonstrates the general suitability of Prologas an executable specification language for the simulationand analysis of role-based systems. Using an extended definitionof a role we show how at least one of the conflicts canbe resolved and discuss the impacts of this extension on thespecified constraints.