Transitive compaction in parallel via branchings
Journal of Algorithms
Dyn-FO (preliminary version): a parallel, dynamic complexity class
PODS '94 Proceedings of the thirteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Computing Minimal Spanning Subgraphs in Linear Time
SIAM Journal on Computing
Role-Based Access Control Models
Computer
Maintaining transitive closure in first order after node-set and edge-set deletions
Information Processing Letters
Dynamic tree isomorphism via first-order updates to a relational database
PODS '98 Proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Incremental Evaluation of Datalog Queries
ICDT '92 Proceedings of the 4th International Conference on Database Theory
First-order Definability over Constraint Databases
CP '95 Proceedings of the First International Conference on Principles and Practice of Constraint Programming
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Fully dynamic transitive closure: breaking through the O(n/sup 2/) barrier
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
Removing permissions in the flexible authorization framework
ACM Transactions on Database Systems (TODS)
On permissions, inheritance and role hierarchies
Proceedings of the 10th ACM conference on Computer and communications security
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
SERAT: SEcure role mApping technique for decentralized secure interoperability
Proceedings of the tenth ACM symposium on Access control models and technologies
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
Incremental maintenance of shortest distance and transitive closure in first-order logic and SQL
ACM Transactions on Database Systems (TODS)
Delegation in the role graph model
Proceedings of the eleventh ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
In this paper, we study the maintenance of role-based access control (RBAC) models in database environments using transitive closure relations. In particular, the algorithms that express and remove redundancy from a component, a RBAC state, and from conflict constraints. The transitive closure relations on a RBAC state specify the reachability among user groups, roles and from user groups to roles. These relations can assist the process of authorization and make some queries easier to answer. Paper [17] shows that the transitive closure relations on a RBAC model can be used to manage and maintain the model's dynamic changes in a simple and efficient way. In this paper, we firstly show that the transitive closure relations are natural byproducts when formulating RBAC components. We then adapt the conventional RBAC model to accord the inherent reachability of a RBAC model. We show that the use of transitive closure relations as the auxiliary relations for the maintenance of a RBAC state alleviates the process of query evaluation, removing redundancy and the description of hierarchies. Thirdly, in the presence of conflict constraints, we explain how conflicts can be expressed, checked and evaluated under the existence of TC relations, in addition to the removal of conflicts redundancy and finding inferred conflicts. Lastly, we briefly discuss the first-order maintenance operations.All the algorithms for the maintenance are first-order algorithms with simple structures and can be implemented in SQL.