Cooperative role-based administration
Proceedings of the eighth ACM symposium on Access control models and technologies
In large organizations, the administration of access privileges (such as the assignment of access rights to a user in a particular role) is handled cooperatively by distributed administrators acting in various capacities. Such a decision may require a quorum, or it may be subject to a veto. In this paper, we present two major contributions. First, we develop a role-based access control (RBAC) approach for specifying distributed administration requirements and procedures between administrators or administration teams, extending earlier work on distributed (modular) authorization. While a comprehensive specification in such a language is conceivable, it would be quite tedious in practice to evaluate or analyze its operational aspects and properties. Second, for this reason, we create a new class of extended Petri nets called Administration Nets (Adm-Nets), such that any RBAC specification of (cooperative) administration requirements (given in terms of predicate logic formulas) can be embedded into an Adm-Net. This net behaves within the constraints specified by the logical formulas and, at the same time, explicitly exhibits all the operational details needed to allow an efficient and comprehensive formal analysis of administrative behavior. We introduce the new concepts and illustrate their use in several examples. While Adm-Nets are much more refined and (behaviorally) explicit than workflow systems, our work also provides a constructive step towards novel workflow management tools. We demonstrate the usefulness of Adm-Nets by modeling typical examples of administration processes concerned with sets of distributed authorization rules.