Managing RBAC states with transitive relations

Chaoyi Pang, David Hansen, Anthony Maeder
2007 Proceedings of the 2nd ACM symposium on Information, computer and communications security - ASIACCS '07  
The transitive closure relations on a RBAC state specify the reachability among user groups, roles and from user groups to roles.  ...  Paper [17] shows that the transitive closure relations on a RBAC model can be used to manage and maintain the model's dynamic changes in a simple and efficient way.  ...  CONCLUSIONS In this paper, we have shown how to maintain reachability relations of a RBAC state by using transitive closure relations of GU, GR and GP.  ... 
doi:10.1145/1229285.1229306 dblp:conf/ccs/PangHM07 fatcat:jw2pivdjqbfydf4aqaiowtbnuq

Automated Analysis of Access Control Policies Based on Model Checking

Anh Truong
2020 SN Computer Science  
In more detail, we present how to design analysis techniques, namely asasp2.1 and asaspTIME2.0 for ARBAC and ATRBAC, respectively, which are based on the ideas of a framework to analyze infinite state-transition  ...  The transition (Admin, QC ∧ IT, Manager) is also a transition related to the current analysis step.  ...  The set of transitions related to the current analysis step is ⟨(Admin, QC ∧ IT, Manager), (Admin, Tester, Manager), (Admin, Manager)⟩.  ... 
doi:10.1007/s42979-020-00307-8 fatcat:2ttgm3hk3rgefhdxnolmybezf4

The Formal Model of DBMS Enforcing Multiple Security Polices

Yongzhong He, Zhen Han, Huirong Fu, Guangzhi Qu
2010 Journal of Software  
And the security properties are comprehensively and accurately specified in terms of about 17 state invariants and state transition constraints.  ...  The formal security policy model and security analysis is necessary to help Database Management System (DBMS) to attain a higher assurance level.  ...  The operation rules of SEPOSTG are secure with respect to all the state invariants and state transition constraints of SEPOSTG.  ... 
doi:10.4304/jsw.5.5.514-521 fatcat:5z2wz7iuprge7on4bjwo74tl7a

MIRBAC: A Role-Based Access Control Model for Multi-Domain Interoperability

Ting Cai, Jun-Zhan Wang
2017 International Journal of Security and Its Applications  
In this article, we introduce three types of inter-domain role relations, such as transitive mapping, non-transitive mapping and restricted access, extend the standard single-domain RBAC model to a multi-domain  ...  Compared with the prior studies, MIRBAC model supports separation of duties constraint under multi-domain environments, the security and management flexibility of interdomain authorization is greatly improved  ...  Currently, almost all of the RBAC based security interoperation support transitive mapping relation.  ... 
doi:10.14257/ijsia.2017.11.6.01 fatcat:zfgwbuxnbbfrnb3zbzoq6tqkva

Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets

Dianxiang Xu, Michael Kent, Lijo Thomas, Tejeddine Mouelhi, Yves Le Traon
2015 IEEE transactions on computers  
To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets.  ...  Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system  ...  Nevertheless, for all the test models in Table 6 (even for the simplest V1 with 90 states and 200 state transitions), manual test generation and management are almost infeasible.  ... 
doi:10.1109/tc.2014.2375189 fatcat:yv3giadldvgm7eafng2qu5vkoi

Security policy verification for multi-domains in cloud systems

Antonios Gouglidis, Ioannis Mavridis, Vincent C. Hu
2013 International Journal of Information Security  
Our proposal is based on NIST's (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning.  ...  An additional characteristic defined in [43] by the National Institute of Standards and Technology (NIST) is Broad Network Access, which states that available capabilities can be accessed using standard  ...  . , (r_n, U P (r_n))}, • δ is a transition relation where δ : S × Act → S, and • i_0 ∈ S is the initial state.  ... 
doi:10.1007/s10207-013-0205-x fatcat:yzjvk3lzufhsfazeanfvldsrfi

SESAME: Scalable, Environment Sensitive Access Management Engine

Guangsen Zhang, Manish Parashar
2006 Cluster Computing  
The underlying dynamic role based access control (DRBAC) model extends the classic role based access control (RBAC).  ...  We also present a prototype implementation of SESAME and DRBAC with the Discover computational collaboratory and an experimental evaluation of its overheads.  ...  . • RBAC1: RBAC0 with role hierarchies. • RBAC2: RBAC1 with constraints on user/role, role/role, and/or role/permission associations.  ... 
doi:10.1007/s10586-006-4894-z fatcat:lsl5ul2z2rhs5ba6wfhtex6gmu

Modeling and Inferring on Role-Based Access Control Policies Using Data Dependencies [chapter]

Romuald Thion, Stéphane Coulondre
2006 Lecture Notes in Computer Science  
This paper shows that theoretical tools from relational databases are suitable for expressing and inferring on RBAC policies and their related constraints.  ...  Role-based access control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks.  ...  Their enhanced expressivity can be used to model new kinds of RBAC constraints involving disjunctions: a new class of organizational constraints which have not been addressed yet but that might be useful  ... 
doi:10.1007/11827405_89 fatcat:gzrtnjvlgvh5febdnsgvwqo2r4

Towards Modal Logic Formalization of Role-Based Access Control with Object Classes [chapter]

Junghwa Chae
2007 Lecture Notes in Computer Science  
This paper addresses a variation of the role-based access control (RBAC) model with a classification mechanism for objects and a notion of class hierarchies.  ...  Relations satisfying K45 properties; i.e., transitive and Euclidean, fit best with the characteristics of access control in information systems.  ...  It is valid whether or not binary relations exhibit transitive or Euclidean property.  ... 
doi:10.1007/978-3-540-73196-2_7 fatcat:eepdhaqznfc4zdhoxsom5kxk74

Towards Formal Verification of Role-Based Access Control Policies

S. Jha, Ninghui Li, M. Tripunitara, Qihua Wang, W. Winsborough
2008 IEEE Transactions on Dependable and Secure Computing  
We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management.  ...  Index Terms: Access control, RBAC, formal methods, computational complexity.  ...  Such a definition abstracts a state transition as a binary relation and does not make explicit which principals initiate a particular action to effect a state transition.  ... 
doi:10.1109/tdsc.2007.70225 fatcat:osup3kqctzdjtm2acjkty37xba

Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Gabriel Nyame, Zhiguang Qin
2020 Information  
The propositions stated in this study are important considerations for future work.  ...  These constructs provide more significant insights into RBAC design in Knowledge Management Systems (KMS).  ...  In this work, we recognize the developmental transitions of RBAC over the years, especially on constraints and permission assignments enforced on authorized users for authorization management.  ... 
doi:10.3390/info11060334 fatcat:bo55xmi44jac7cliikr7prfnf4

Formal Security Policy Verification of Distributed Component-Structured Software [chapter]

Peter Herrmann
2003 Lecture Notes in Computer Science  
The design of state-based security policy specifications and of RBAC-models is supported by framework libraries of specification patterns which may be instantiated and composed to a specification.  ...  Security policies describing the behavior constraints are formally specified and, at runtime, so-called security wrappers monitor the interface traffic of components and check it for compliance with the  ...  The RBAC model defines a many-to-many relation between roles and permissions (e.g., a general manager may give reductions to the room prices).  ... 
doi:10.1007/978-3-540-39979-7_17 fatcat:zn3oihaswvhi7fo7menafgjvpm

A Critique of the ANSI Standard on Role-Based Access Control

Ninghui Li, Ji-Won Byun, Elisa Bertino
2007 IEEE Security and Privacy  
We believe that our analysis will contribute to improvements in the RBAC standard and, more broadly, in the understanding of RBAC.  ...  We also analyze several critical features of RBAC, such as sessions, hierarchies, and constraints, and discuss how they should be supported in RBAC models.  ...  Users interact directly with the target systems to access resources; the ESM products only use RBAC to manage the policy settings in the target systems.  ... 
doi:10.1109/msp.2007.158 fatcat:tczng6fhmvgefom2x4yefmyxwi

Comparing the expressive power of access control models

Mahesh V. Tripunitara, Ninghui Li
2004 Proceedings of the 11th ACM conference on Computer and communications security - CCS '04  
We perceive access control systems as state-transition systems and require simulations to preserve security properties.  ...  Access Matrix), thereby solving an open problem posed in the literature; and (3) a trust-management language is at least as expressive as RBAC with a particular administrative model (the URA97 component  ...  Comparing an RBAC scheme with a Trust Management Language In this section, we compare a particular RBAC scheme to the trust management language, RT[∩].  ... 
doi:10.1145/1030083.1030093 dblp:conf/ccs/TripunitaraL04 fatcat:azq5imk37veuph3mgvw3lrgkuq

Sorting out role based access control

Wouter Kuijper, Victor Ermolaev
2014 Proceedings of the 19th ACM symposium on Access control models and technologies - SACMAT '14  
We start from the observation that "classic" RBAC blends together subject management aspects and permission management aspects into a single object of indirection: a role.  ...  Role-based access control (RBAC) is a popular framework for modelling access control rules. In this paper we identify a fragment of RBAC called bi-sorted role based access control (RBÄC).  ...  Their approach is to formalize an access control scheme as a state transition system and to define an expressivity ordering among schemes based on simulation relations.  ... 
doi:10.1145/2613087.2613101 dblp:conf/sacmat/KuijperE14 fatcat:gtwh4p6xr5bh5nt7nwwricf5pa