Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Information and Computation
Model-Based Run-Time Checking of Security Permissions Using Guarded Objects
Runtime Verification
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Symbolic reachability analysis for parameterized administrative role based access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Maintaining control while delegating trust: Integrity constraints in trust management
ACM Transactions on Information and System Security (TISSEC)
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Dynamic policy based model for trust based access control in P2P applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Program synthesis in administration of higher-order permissions
Proceedings of the 16th ACM symposium on Access control models and technologies
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
ASASP: automated symbolic analysis of security policies
CADE'11 Proceedings of the 23rd international conference on Automated deduction
Towards coequal authorization for dynamic collaboration
AMT'11 Proceedings of the 7th international conference on Active media technology
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Automated symbolic analysis of ARBAC-policies
STM'10 Proceedings of the 6th international conference on Security and trust management
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
A logic for state-modifying authorization policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Symbolic backward reachability with effectively propositional logic
Formal Methods in System Design
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Heuristic safety analysis of access control models
Proceedings of the 18th ACM symposium on Access control models and technologies
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Journal of Computer Security - STM'10
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
Role-Based Access Control (RBAC) is a widely used model for expressing access control policies. In large organizations, the RBAC policy may be collectively managed by many administrators. Administrative RBAC (ARBAC) is a model for expressing the authority of administrators, thereby specifying how an organization's RBAC policy may change. Changes by one administrator may interact in unintended ways with changes by other administrators. Consequently, the effect of an ARBAC policy is hard to understand by simple inspection. In this paper, we consider the problem of analyzing ARBAC policies, in particular to determine reachability properties (e.g., whether a user can eventually be assigned to a role by a group of administrators) and availability properties (e.g., whether a user cannot be removed from a role by a group of administrators) implied by a policy. We first establish the connection between security policy analysis and planning in Artificial Intelligence. Based partly on this connection, we show that reachability analysis for ARBAC is PSPACE-complete. We also give algorithms and complexity results for reachability and related analysis problems for several categories of ARBAC policies, defined by simple restrictions on the policy language.