HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

Policy Analysis for Administrative Role Based Access Control without Separate Administration

Abstract : Access control is widely used in large systems for restricting resource access to authorized users. In particular, role based access control (RBAC) is a generalized approach to access control and is well recognized for its many advantages in managing authorization policies.This paper considers user-role reachability analysis of administrative role based access control (ARBAC), which defines administrative roles and specifies how members of each administrative role can change the RBAC policy. Most existing works on user-role reachability analysis assume the separate administration restriction in ARBAC policies. While this restriction greatly simplifies the user-role reachability analysis, it also limits the expressiveness and applicability of ARBAC. In this paper, we consider analysis of ARBAC without the separate administration restriction and present new techniques to reduce the number of ARBAC rules and users considered during analysis. We also present a number of parallel algorithms that speed up the analysis on multi-core systems. The experimental results show that our techniques significantly reduce the analysis time, making it practical to analyze ARBAC without separate administration.
Document type :
Conference papers
Complete list of metadata

Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, March 15, 2017 - 5:16:20 PM
Last modification on : Tuesday, October 19, 2021 - 12:50:52 PM
Long-term archiving on: : Friday, June 16, 2017 - 3:03:29 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Ping Yang, Mikhail Gofman, Zijiang Yang. Policy Analysis for Administrative Role Based Access Control without Separate Administration. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. pp.49-64, ⟨10.1007/978-3-642-39256-6_4⟩. ⟨hal-01490717⟩



Record views


Files downloads