Policy analysis for administrative role based access control

Proceedings of the Computer Security Foundations Workshop

Volumn 2006, Issue , 2006, Pages 133-138

  Sasturkar, Amit ^a   Yang, Ping ^a   Stoller, Scott D ^a   Ramakrishnan, C R ^a  

^a Stony Brook University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; COMPUTATIONAL METHODS; COMPUTER PROGRAMMING LANGUAGES; SECURITY OF DATA; USER INTERFACES;

POLICY ANALYSIS; POLICY LANGUAGE; ROLE BASED ACCESS CONTROL (RBAC);

ACCESS CONTROL;

EID: 33947695249     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.2006.22     Document Type: Conference Paper

References (30)

1. American National Standards Institute (ANSI), International Committee for Information Technology Standards (INCITS). Role-based access control. ANSI INCITS Standard 359-2904, Feb. 2004.
2. C. Bäckström and I. Klein. Parallel non-binary planning in polynomial time. In Proc. IJCAI '91, pages 268-273, 1991.
3. C. Bäckström and B. Nebel. Complexity results for SAS+ planning. Computational Intelligence, 11(4):625-656, 1995.
4. A. K. Bandara, E. C. Lupu, and A. Russo. Using event calculus to formalise policy specification and analysis. In Proc. 4th IEEE Workshop on Policies for Distributed Systems and Networks, 2003.
5. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proc. 1996 IEEE Symposium on Security and Privacy, pages 164-173, May 1996.
6. T. Bylander. The computational complexity of prepositional STRIPS planning. Artificial Intelligence, 69(1-2):165-204, 1994.
7. L. Cholvy and F. Cuppens. Analysing consistency of security policies. In Proc. IEEE Symposium on Security and Privacy, 1997.
8. D. D. Clark and D. R. Wilson. A comparison of commercial and military security policies. In Proc. 1987 IEEE Symposium on Security and Privacy, pages 184-194, 1987.
9. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. Verification and change-impact analysis of access-control policies. In Proc. 22nd International Conference on Software Engineering (ICSE), pages 196-205, 2005.
10. D. P. Guelev, M. Ryan, and P.-Y. Schobbens. Model-checking access control policies. In Proc. 7th Information Security Conference (ISC), pages 219-230, 2004.
11. J. D. Guttman, A. L. Herzog, and J. D. Ramsdell. Information flow in operating systems: Eager formal methods. In Proc. 2003 Workshop on Issues in the Theory of Security (WITS), 2003.
12. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, 1976.
13. D. Jackson, I. Schechter, and I. Shlyakhter. Alcoa: the alloy constraint analyzer. In Proc. 22nd International Conference on Software Engineering (ICSE), pages 730-733, 2000.
14. T. Jaeger, A. Edwards, and X. Zhang. Policy management using access control spaces. In ACM Transactions on Information Systems Security, Aug. 2003.
15. T. Jaeger, R. Sailer, and X. Zhang. Analyzing integrity protection in the SELinux example policy. In Proc. USENIX Security Symposium, Aug. 2003.
16. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proc. 1997 IEEE Symposium on Security and Privacy, pages 31-42, 1997.
17. S. Jha and T. Reps. Model-checking SPKI-SDSI. Journal of Computer Security, 12:317-353, 2004.
18. R. M. Karp. Reducibility among combinatorial problems. In Complexity of Computer Computations, pages 85-103. Plenum, 1972.
19. N. Li, Z. Bizri, and M. V. Tripunitara. On mutuallyexclusive roles and separation of duty. In In Proc. ACM Conference on Computer and Communications Security (CCS), pages 42-51, Oct. 2004.
20. N. Li and J. C. Mitchell. RT: A role-based trust-management framework. In Proc. Third DARPA Information Survivability Conference and Exposition (DISCEX III), pages 201-212. IEEE Computer Society Press, 2003.
21. N. Li, J. C. Mitchell, and W. H. Winsborough. Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM, 2005. To appear.
22. N. Li and M. V. Tripunitara. Security analysis in role-based access control. In Proc. 9th ACM Symposium on Access Control. Models and Techniques (SACMAT), June 2004.
23. R. J. Lipton and L. Snyder. A linear time algorithm for deciding subject security. J. ACM, 24(3):455-464, 1977.
24. R. Sandhu. The schematic protection model: its definition and analysis for acyclic attenuating schemes. Journal of the ACM, 35(2):404-432, 1988.
25. R. Sandhu. The typed access matrix model. In Proceedings of the IEEE Symposium on Security and Privacy, pages 122-136, 1992.
26. R. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur., 2(1):105-135, 1999.
27. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, Feb. 1996.
28. A. Sasturkar, P. Yang, S. D. Stoller, and C. R. Ramakrishnan. Policy analysis for administrative role-based access control. Technical report, Stony Brook University, 2006. Available from http://www.cs.sunysb.edu/~stoller/arbac. html.
29. A. Schaad, J. Moffett, and J. Jacob. The role-based access control system of a European bank: A case study and discussion. In Proc. 6th ACM Symposium on Access Control Models and Technologies (SACMAT), pages 3-9, 2001.
30. A. Schaad and J. D. Moffett. A lightweight approach to specification and analysis of role-based access control extensions. In Proc. 7th ACM Symposium on Access Control Models and Technologies (SACMAT), pages 13-22, 2002.