Formal foundations for hybrid hierarchies in GTRBAC

Authors:
James B. D. Joshi;Elisa Bertino;Arif Ghafoor;Yue Zhang
Affiliations:
University of Pittsburgh, Pennsylvania;Purdue University, West Lafayette, Indiana;Purdue University, West Lafayette, Indiana;University of Pittsburgh, Pennsylvania
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2008

Citing 22
Cited 4

Role-Based Access Control Models

Computer
Role-based access control: a natural approach

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Role activation hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Control principles and role hierarchies

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The uses of role hierarchies in access control

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Configuring role-based access control to enforce mandatory and discretionary access control policies

ACM Transactions on Information and System Security (TISSEC)
Security models for web-based applications

Communications of the ACM
Role-based access control on the web

ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models

ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
Temporal hierarchies and inheritance semantics for GTRBAC

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A graph-based formalism for RBAC

ACM Transactions on Information and System Security (TISSEC)
Digital Government Security Infrastructure Design Challenges

Computer
Access Rights Administration in Role-Based Security Systems

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Secure Mediation: Requirements and Design

Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Role Hierarchies and Constraints for Lattice-Based Access Controls

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Administrative scope: A foundation for role-based administrative models

ACM Transactions on Information and System Security (TISSEC)
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Dependable and Secure Computing

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Proceedings of the eleventh ACM symposium on Access control models and technologies
UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

Proceedings of the 13th ACM symposium on Access control models and technologies
PuRBAC: Purpose-Aware Role-Based Access Control

OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
LoT-RBAC: a location and time-based RBAC model

WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

A role hierarchy defines permission acquisition and role-activation semantics through role--role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential, while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools.