A formal model for Role-Based Access Control using graph transformation

Cited by: 0
Authors
Koch, M [1 ]
Mancini, LV [1 ]
Parisi-Presicce, F [1 ]
Affiliation
[1] Univ Roma La Sapienza, Dipartimento Sci Informaz, I-00198 Rome, Italy
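Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract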
Role-Based Access Control (RBAC) is supported, directly or in a closely related form, by a number of products. This paper presents a formalization of RBAC using graph transformations, a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description of the manipulation of graph structures as they occur in information systems access control, a specification of static and dynamic consistency conditions on graphs and graph transformations, a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles. Moreover, the properties of a given RBAC specification can be verified by employing one of the available graph transformation tools.
Pages: 122 - 139
Number of pages: 18
Related papers
50 in total
  • [1] A formal model for parameterized role-based access control
    Abdallah, AE
    Khayat, EJ
    [J]. FORMAL ASPECTS IN SECURITY AND TRUST, 2005, 173 : 233 - 246
  • [2] A formal model for role-based access control with constraints
    Giuri, L
    Iglio, P
    [J]. 9TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, 1996, : 136 - 145
  • [3] Meta objects for access control: A formal model for role-based principals
    Riechmann, T
    Hauck, FJ
    [J]. NEW SECURITY PARADIGMS WORKSHOP, PROCEEDINGS, 1999, : 30 - 38
  • [4] Role-Based Access Control on Graph Databases
    Chabin, Jacques
    Ciferri, Cristina D. A.
    Halfeld-Ferrari, Mirian
    Hara, Carmem S.
    Penteado, Raqueline R. M.
    [J]. SOFSEM 2021: THEORY AND PRACTICE OF COMPUTER SCIENCE, 2021, 12607 : 519 - 534
  • [5] Extending a Role Graph for Role-Based Access Control
    Asakura, Yoshiharu
    Nakamoto, Yukikazu
    [J]. IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2009, E92D (02): : 211 - 219
  • [6] Designing role-based access control using formal concept analysis
    Kumar, Ch. Aswani
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2013, 6 (03) : 373 - 383
  • [7] An application using role-based access control model
    Wang, G
    Cong, B
    Chen, N
    Lan, M
    Yan, HT
    [J]. PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED PROCESSING TECHNIQUES AND APPLICATIONS, VOLS I-V, 2000, : 369 - 375
  • [8] On the formal analysis of a spatio-temporal role-based access control model
    Toahchoodee, Manachai
    Ray, Indrakshi
    [J]. DATA AND APPLICATIONS SECURITY XXII, 2008, 5094 : 17 - 32
  • [9] Using Graph Theory to Represent a Spatio-Temporal Role-Based Access Control Model
    Toahchoodee, Manachai
    Ray, Indrakshi
    McConnell, Ross M.
    [J]. INTERNATIONAL JOURNAL OF NEXT-GENERATION COMPUTING, 2010, 1 (02): : 231 - 250
  • [10] Toward Formal Verification of Role-Based Access Control Policies
    Jha, Somesh
    Li, Ninghui
    Tripunitara, Mahesh
    Wang, Qihua
    Winsborough, William H.
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2008, 5 (04) : 242 - 255