Article

A lightweight approach to specification and analysis of role-based access control extensions

Authors:
Andreas Schaad

University of York, York, United Kingdom

University of York, York, United Kingdom
View Profile

,
Jonathan D. Moffett

University of York, York, United Kingdom

University of York, York, United Kingdom
View Profile

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologiesJune 2002Pages 13–22https://doi.org/10.1145/507711.507714

Published:03 June 2002Publication History

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

Pages 13–22

ABSTRACT

Role-based access control is a powerful and policy-neutral concept for enforcing access control. Many extensions have been proposed, the most significant of which are the decentralised administration of role-based systems and the enforcement of constraints. However, the simultaneous integration of these extensions can cause conflicts in a later system implementation. We demonstrate how we use the Alloy language for the specification of a conflict-free role-based system. This specification provides us at the same time with a suitable basis for further analysis by the Alloy constraint analyser.

References

G. Ahn. RCL 2000. Phd dissertation, George Mason University, 2000.Google Scholar
D. Clark and D. Wilson. A comparison of commercial and military security policies. In IEEE Symposium on Security and Privacy, pages 184--194, Oakland, California, 1987.Google ScholarCross Ref
V. Gligor, S. Gavrila, and D. Ferraiolo. On the formal definition of separation-of-duty policies and their composition. In IEEE Symposium on Security and Privacy, pages 172--185, Oakland, CA, 1998.Google ScholarCross Ref
D. Jackson. Alloy: A leightweight object modelling notation. Technical Report 797, MIT Laboratory for Computer Science, 2000.Google Scholar
D. Jackson, I. Schechter, and I. Shlyakhter. Alcoa: the Alloy constraint analyzer. In Proc. International Conference on Software Engineering, Limerick, Ireland, 2000. Google ScholarDigital Library
T. Jaeger and J. Tidswell. Practical safety in flexible access control models. ACM Transactions on Information and System Security (TISSEC), 4(2), 2001. Google ScholarDigital Library
R. Kuhn. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In 2nd ACM workshop on Role-based access control, pages 23--30, 1997. Google ScholarDigital Library
J. Moffett. Control principles and role hierarchies. In 3rd ACM Workshop on Role Based Access Control, pages 63--72, George Mason University, Fairfax, VA, 1998. Google ScholarDigital Library
J. Moffett and E. Lupu. The uses of role hierarchies in access control. In 4th ACM Workshop on Role-Based Access Control, pages 153--160, Fairfax, Virginia, 1999. Google ScholarDigital Library
M. Nash and K. Poland. Some conundrums concerning separation of duty. In IEEE Symposium on Security and Privacy, pages 201--209, Oakland, CA, 1990.Google ScholarCross Ref
R. Sandhu, V. Bhamidipati, and Q. Munawer.The ARBAC97 model for role-based administration of roles. ACM Transactions. Inf. Syst. Security, 2(1):105 -- 135, 1999. Google ScholarDigital Library
R. Sandhu and F. Chen. Constraints for role-based access control. In 1st ACM Workshop on Role-based access control, 1996. Google ScholarDigital Library
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996. Google ScholarDigital Library
R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST model for role-based access control: Towards a unified standard. In 5th ACM Workshop on Role-based access control, Berlin, Germany, 2000. Google ScholarDigital Library
A. Schaad. Conflict detection in a role-based delegation model. In 17th Annual Computer Security Applications Conference, New Orleans, 2001. Google ScholarDigital Library
A. Schaad, J. Moffett, and J. Jacob. The access control system of a European bank - a case study. In 6th ACM Symposium on Access Control Models and Technologies (SACMAT), Chantilly, VA, USA, 2001. Google ScholarDigital Library
R. Simon and M. Zurko. Separation of duty in role-based environments. In Computer Security Foundations Workshop X, Rockport, MA, 1997. Google ScholarDigital Library

Index Terms

A lightweight approach to specification and analysis of role-based access control extensions
1. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Model checking
2. Theory of computation
  1. Logic
    1. Verification by model checking

Recommendations

The role-based access control system of a European bank: a case study and discussion
SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies

Research in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the ...
Read More
Security analysis in role-based access control

The administration of large role-based access control (RBAC) systems is a challenging problem. In order to administer such systems, decentralization of administration tasks by the use of delegation is an effective approach. While the use of delegation ...
Read More
Practical Role-Based Access Control

This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies
June 2002
170 pages
ISBN:1581134967
DOI:10.1145/507711
General Chair:
Ravi Sandhu
George Mason University and SingleSignOn.Net
,
Program Chair:
Elisa Bertino
University of Milano, Italy
Copyright © 2002 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 June 2002
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
ARBAC97
alloy
separation of duties
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate177of597submissions,30%
Upcoming Conference
SACMAT 2024

Sponsor:

sigsac

The 29th ACM Symposium on Access Control Models and Technologies

May 15 - 17, 2024

San Antonio , TX , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 53
  Total Citations
  View Citations
- 874
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A lightweight approach to specification and analysis of role-based access control extensions

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

The role-based access control system of a European bank: a case study and discussion

Security analysis in role-based access control

Practical Role-Based Access Control