Security analysis in role-based access control

ACM Transactions on Information and System Security

Volumn 9, Issue 4, 2006, Pages 391-420

  Li, Ninghui ^a   Tripunitara, Mahesh V ^b  

^a PURDUE UNIVERSITY   (United States)

^b MOTOROLA INC   (United States)

Author keywords

Delegation; Role based access control; Role based administration; Trust management

Indexed keywords

DISCRETIONARY ACCESS CONTROL (DAC); ROLE-BASED ACCESS CONTROL (RBAC); ROLE-BASED ADMINISTRATION; TRUST-MANAGEMENT LANGUAGES;

ALGORITHMS; BOUNDARY VALUE PROBLEMS; COMPUTATIONAL COMPLEXITY; PROBLEM SOLVING; QUERY LANGUAGES; SECURITY OF DATA;

INFORMATION RETRIEVAL SYSTEMS;

EID: 33845517298     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1187441.1187442     Document Type: Article

References (32)

1. AHN, G.-J. AND SANDHU, R. S. 2000. Role-based authorization constraints specification. ACM Transactions on Information and System Security 3, 4 (Nov.), 207-226.
2. CRAMPTON, J. 2002. Authorizations and antichains. Ph.D. thesis, Birbeck College, University of London, UK.
3. CRAMPTON, J. 2003. Specifying and enforcing constraints in role-based access control. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT2003). Como, Italy. 43-50.
4. CRAMPTON, J. AND LOIZOU, G. 2003. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security 6, 2 (May), 201-231.
5. FERRAIOLO, D. F., SANDHU, R. S., GAVRILA, S., KUHN, D. R., AND CHANDRAMOULI, R. 2001. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security 4, 3 (Aug.), 224-274.
6. FEHRAIOLO, D. F., CHANDRAMOULI, R., AHN, G.-J., AND GAVRILA, S. 2003. The role control center: Features and case studies. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies.
7. GAREY, M. R. AND JOHNSON, D. J. 1979. Computers And Intractability: A Guide to the Theory of NP-Completeness. Freeman, San Francisco, CA.
8. GRAHAM, G. S. AND DENNING, P. J. 1972. Protection - principles and practice. In Proceedings of the AFIPS Spring Joint Computer Conference. Vol. 40. AFIPS Press, Montvale, N.J. 417-429.
9. HARHISON, M. A., RUZZO, W. L., AND ULLMAN, J. D. 1976. Protection in operating systems. Communications of the ACM 19, 8 (Aug.), 461-471.
10. JAEGER, T. AND TIDSWELL, J. E. 2001. Practical safety in flexible access control models. ACM Transactions on Information and System Security 4, 2 (May), 158-190.
11. KOCH, M., MANCINI, L. V., AND PAHISI-PHESICCE, F. 2002a. Decidability of safety in graph-based models for access control. In Proceedings of the Seventh European Symposium on Research in Computer Security (ESORICS 2002). Springer, New York. 229-243.
12. KOCH, M., MANCINI, L. V., AND PAHISI-PHESICCE, F. 2002b. A graph-based formalism for RBAC. ACM Transactions on Information and System Security 5, 3 (Aug.), 332-365.
13. KOCH, M., MANCINI, L. V., AND PARISI-PRESICCE, F. 2004. Administrative scope in the graph-based framework. In Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (SACMAT2004). 97-104.
14. LAMPSON, B. W. 1971. Protection. In Proceedings of the 6th Princeton Conference on Information Sciences and Systems,
15. Reprinted in ACM Operating Systems Review 8, 1, 18-24 (Jan 1974).
16. LI, N. AND TRIPUNITARA, M. V. 2004. Security analysis in role-based access control. In Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (SACMAT 2004). 126-135.
17. LI, N., WINSBOROUGH, W. H., AND MITCHELL, J. C. 2003. Distributed credential chain discovery in trust management. Journal of Computer Security 11, 1 (Feb.), 35-86.
18. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W. H. 2002. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Washington, DC. 114-130.
19. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W H. 2005. Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 62, 3 (May), 474-514.
20. (Preliminary version appeared in Proceedings of 2003 IEEE Symposium on Security and Privacy.)
21. LIPTON, R. J. AND SNYDER, L. 1977. A linear time algorithm for deciding subject security. Journal of the ACM 24, 3, 455-464.
22. MUNAWEH, Q. AND SANDHU, R. S. 1999. Simulation of the augmented typed access matrix model (ATAM) using roles. In Proceedings of INFOSECU99 International Conference on Information and Security.
23. OH, S. AND SANDHU, R. S. 2002. A model for role admininstration using organization structure. In Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002).
24. PARK, J. AND SANDHU, R. S. 2004. The UCON ABC usage control model. ACM Transactions on Information and System Security 7, 128-174.
25. SANDHU, R. S. 1988. The schematic protection model: Its definition and analysis for acyclic attenuating systems. Journal of the ACM 36, 2, 404-432.
26. SANDHU, R. S. 1992. The typed access matrix model. In Proceedings of the 1992 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Washington, DC. 122-136.
27. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. 1996. Role-based access control models. IEEE Computer 29, 2 (Feb.), 38-47.
28. SANDHU, R. S., BHAMIDIPATI, V., AND MUNAWER, Q. 1999. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security 2, 1 (Feb.), 105-135.
29. SCHAAD, A., MOFFETT, J., AND JACOB, J. 2001. The role-based access control system of a European bank: A case study and discussion. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies. ACM Press, New York. 3-9.
30. TRIPUNITARA, M. V. AND LI, N. 2004. Comparing the expressive power of access control models. In Proceedings of 11th ACM Conference on Computer and Communications Security (CCS-11). ACM Press, New York. 62-71.
31. ZHANG, X., PARK, J., PAHISI-PRESICCE, F., AND SANDHU, R. S. 2004. A logical specification for usage control. In Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (SACMAT 2004).
32. ZHANG, X., PARISI-PRESICCE, F., SANDHU, R. S., AND PARK, J. 2005. Formal model and policy specification of usage control. ACM Transactions on Information and System Security 8, 351-387.