Authorization constraints specification of RBAC

Cited by: 0
Authors
Han, Lilong [1]
Liu, Qingtan [1]
Yang, Zongkai [1]
Affiliation
[1] Cent China Normal Univ, Dept Informat & Technol, Engn Res Ctr Educ Informat Technol, Wuhan 430079, Peoples R China
Source
Keywords
RBAC; constraints; RCL2000; SOD; DSOD;
DOI
Not available
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of the constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL2000 including its basic elements, syntax and semantics. We show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in this language, and that there are other significant SOD properties that have not been previously identified in the literature. Our work indicates that there are many alternate formulations of even the simplest SOD properties, with varying degrees of flexibility and assurance. So this language provides us a rigorous foundation for systematic study of role-based authorization constraints.
Pages: 266 - 276
Number of pages: 11
Related papers
50 in total
  • [1] Authorization Constraints Specification and Enforcement
    Zhou, Wei
    Meinel, Christoph
    Xiang, Yidong
    Shao, Yang
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2008, 3 (01): : 38 - 50
  • [2] On the Complexity of Authorization in RBAC under Qualification and Security Constraints
    Sun, Yuqing
    Wang, Qihua
    Li, Ninghui
    Bertino, Elisa
    Atallah, Mikhail J.
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2011, 8 (06) : 883 - 897
  • [3] VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications
    Thanh-Nhan Luong
    Hanh-Phuc Nguyen
    Ninh-Thuan Truong
    [J]. INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2021, 31 (05) : 655 - 675
  • [4] Specification and verification of workflows with RBAC mechanism and SoD constraints
    Kong, Weiqiang
    Ogata, Kazuhiro
    Futatsugi, Kokichi
    [J]. INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2007, 17 (01) : 3 - 32
  • [5] A verifiable formal specification for RBAC model with constraints of separation of duty
    Yuan, Chunyang
    He, Yeping
    He, Jianbo
    Zhou, Zhouyi
    [J]. INFORMATION SECURITY AND CRYPTOLOGY, PROCEEDINGS, 2006, 4318 : 196 - +
  • [6] Authorization Recycling in RBAC Systems
    Wei, Qiang
    Beznosov, Konstantin
    Crampton, Jason
    Ripeanu, Matei
    [J]. SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 63 - 72
  • [7] UAQ: A Framework for User Authorization Query Processing in RBAC extended with Hybrid Hierarchy and Constraints
    Zhang, Yue
    Joshi, James B. D.
    [J]. SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 83 - 91
  • [8] Visual modeling and formal specification of constraints of RBAC using semantic web technology
    Kwon, JuHum
    Moon, Chang-Joo
    [J]. KNOWLEDGE-BASED SYSTEMS, 2007, 20 (04) : 350 - 356
  • [9] Authorization Recycling in Hierarchical RBAC Systems
    Wei, Qiang
    Crampton, Jason
    Beznosov, Konstantin
    Ripeanu, Matei
    [J]. ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2011, 14 (01)
  • [10] Role-based authorization constraints specification using object constraint language
    Ahn, GJ
    Shin, ME
    [J]. PROCEEDINGS OF THE TENTH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, 2001, : 157 - 162