Delegation is often used in administrative models for Role-Based Access Control (RBAC) systems to decentralize administration tasks. While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization has over its resources, thereby diminishing a major advantage RBAC has over Discretionary Access Control (DAC). We propose to use security analysis techniques to maintain desirable security properties while delegating administrative privileges. We give a precise definition of a family of security analysis problems in RBAC, which is more general than the safety analysis studied in the literature. We also show that two classes of problems in the family can be reduced to similar analysis in the RT0 trust-management language, thereby establishing an interesting relationship between RBAC and the RT (Role-based Trust-management) framework. The reduction gives efficient algorithms for answering most kinds of queries in these two classes and establishes the complexity bounds for the intractable cases.