ABSTRACT
Role-based access control is a powerful and policy-neutral concept for enforcing access control. Many extensions have been proposed, the most significant of which are the decentralised administration of role-based systems and the enforcement of constraints. However, the simultaneous integration of these extensions can cause conflicts in a later system implementation. We demonstrate how we use the Alloy language for the specification of a conflict-free role-based system. This specification provides us at the same time with a suitable basis for further analysis by the Alloy constraint analyser.
- G. Ahn. RCL 2000. Phd dissertation, George Mason University, 2000.Google Scholar
- D. Clark and D. Wilson. A comparison of commercial and military security policies. In IEEE Symposium on Security and Privacy, pages 184--194, Oakland, California, 1987.Google ScholarCross Ref
- V. Gligor, S. Gavrila, and D. Ferraiolo. On the formal definition of separation-of-duty policies and their composition. In IEEE Symposium on Security and Privacy, pages 172--185, Oakland, CA, 1998.Google ScholarCross Ref
- D. Jackson. Alloy: A leightweight object modelling notation. Technical Report 797, MIT Laboratory for Computer Science, 2000.Google Scholar
- D. Jackson, I. Schechter, and I. Shlyakhter. Alcoa: the Alloy constraint analyzer. In Proc. International Conference on Software Engineering, Limerick, Ireland, 2000. Google ScholarDigital Library
- T. Jaeger and J. Tidswell. Practical safety in flexible access control models. ACM Transactions on Information and System Security (TISSEC), 4(2), 2001. Google ScholarDigital Library
- R. Kuhn. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In 2nd ACM workshop on Role-based access control, pages 23--30, 1997. Google ScholarDigital Library
- J. Moffett. Control principles and role hierarchies. In 3rd ACM Workshop on Role Based Access Control, pages 63--72, George Mason University, Fairfax, VA, 1998. Google ScholarDigital Library
- J. Moffett and E. Lupu. The uses of role hierarchies in access control. In 4th ACM Workshop on Role-Based Access Control, pages 153--160, Fairfax, Virginia, 1999. Google ScholarDigital Library
- M. Nash and K. Poland. Some conundrums concerning separation of duty. In IEEE Symposium on Security and Privacy, pages 201--209, Oakland, CA, 1990.Google ScholarCross Ref
- R. Sandhu, V. Bhamidipati, and Q. Munawer.The ARBAC97 model for role-based administration of roles. ACM Transactions. Inf. Syst. Security, 2(1):105 -- 135, 1999. Google ScholarDigital Library
- R. Sandhu and F. Chen. Constraints for role-based access control. In 1st ACM Workshop on Role-based access control, 1996. Google ScholarDigital Library
- R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996. Google ScholarDigital Library
- R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST model for role-based access control: Towards a unified standard. In 5th ACM Workshop on Role-based access control, Berlin, Germany, 2000. Google ScholarDigital Library
- A. Schaad. Conflict detection in a role-based delegation model. In 17th Annual Computer Security Applications Conference, New Orleans, 2001. Google ScholarDigital Library
- A. Schaad, J. Moffett, and J. Jacob. The access control system of a European bank - a case study. In 6th ACM Symposium on Access Control Models and Technologies (SACMAT), Chantilly, VA, USA, 2001. Google ScholarDigital Library
- R. Simon and M. Zurko. Separation of duty in role-based environments. In Computer Security Foundations Workshop X, Rockport, MA, 1997. Google ScholarDigital Library
Index Terms
- A lightweight approach to specification and analysis of role-based access control extensions
Recommendations
The role-based access control system of a European bank: a case study and discussion
SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologiesResearch in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the ...
Security analysis in role-based access control
The administration of large role-based access control (RBAC) systems is a challenging problem. In order to administer such systems, decentralization of administration tasks by the use of delegation is an effective approach. While the use of delegation ...
Practical Role-Based Access Control
This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure ...
Comments