Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. Such comparisons are generally based on simulations between different access control schemes. However, the definitions for simulations that are used in the literature make it impossible to put results and claims about the expressive power of access control models into a single context and to compare such models to one another in a meaningful way. We propose a theory for comparing the expressive power of access control models. We perceive access control systems as state-transition systems and require simulations to preserve security properties. We discuss the rationale behind such a theory, apply the theory to reexamine some existing work on the expressive power of access control models in the literature and present three results. We show that: (1) RBAC with a particular administrative model from the literature (ARBAC97) is limited in its expressive power; (2) ATAM (Augmented Typed Access Matrix) is more expressive than TAM (Typed Access Matrix), thereby solving an open problem posed in the literature; and (3) a trust-management language is at least as expressive as RBAC with a particular administrative model (the URA97 component of ARBAC97).