Role-based access control for a distributed calculus

Authors:
Chiara Braghin;Daniele Gorla;Vladimiro Sassone
Affiliations:
Dip. Informatica, Univ. "Ca' Foscari" di Venezia, Italy;Dip. di Informatica, Univ. di Roma "La Sapienza", Italy;Dept. of Informatics, University of Sussex, UK
Venue:
Journal of Computer Security - Special issue on CSFW17
Year:
2006

Citing 20
Cited 2

Subtyping recursive types

ACM Transactions on Programming Languages and Systems (TOPLAS)
On reduction-based process semantics

Selected papers of the thirteenth conference on Foundations of software technology and theoretical computer science
Role-Based Access Control Models

Computer
KLAIM: A Kernel Language for Agents Interaction and Mobility

IEEE Transactions on Software Engineering
Mobile ambients

Theoretical Computer Science
A logical framework for reasoning about access control models

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Bisimulations in the join-calculus

Theoretical Computer Science
A lightweight approach to specification and analysis of role-based access control extensions

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Types and programming languages

Types and programming languages
Resource access control in systems of mobile agents

Information and Computation
PI-Calculus: A Theory of Mobile Processes

PI-Calculus: A Theory of Mobile Processes
A Formal Model for Role-Based Access Control Using Graph Transformation

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Decidability of Safety in Graph-Based Models for Access Control

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
A Distributed Calculus for Rôle-Based Access Control

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Typed behavioural equivalences for processes in the presence of subtyping

Mathematical Structures in Computer Science
On asynchrony in name-passing calculi

Mathematical Structures in Computer Science
Secrecy and group creation

Information and Computation
Least Privilege and More

IEEE Security and Privacy

Role-based access control for boxed ambients

Theoretical Computer Science
Types for role-based access control of dynamic web data

WFLP'10 Proceedings of the 19th international conference on Functional and constraint logic programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

Rôle-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of rôle in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π-calculus to study the behaviour of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a behavioural equivalence to equate systems. We then consider a more sophisticated feature that can be easily integrated in our framework, i.e., the possibility of automatically adding rôle activations and deactivations to processes to be run under a given policy (whenever possible). Finally, we show how the framework can be easily extended to express significant extensions of the core RBAC model, such as rôles hierarchies or constraints determining the acceptability of the system components.