Policy Analysis for Administrative Role Based Access Control without Separate Administration

Abstract : Access control is widely used in large systems for restricting resource access to authorized users. In particular, role based access control (RBAC) is a generalized approach to access control and is well recognized for its many advantages in managing authorization policies.This paper considers user-role reachability analysis of administrative role based access control (ARBAC), which defines administrative roles and specifies how members of each administrative role can change the RBAC policy. Most existing works on user-role reachability analysis assume the separate administration restriction in ARBAC policies. While this restriction greatly simplifies the user-role reachability analysis, it also limits the expressiveness and applicability of ARBAC. In this paper, we consider analysis of ARBAC without the separate administration restriction and present new techniques to reduce the number of ARBAC rules and users considered during analysis. We also present a number of parallel algorithms that speed up the analysis on multi-core systems. The experimental results show that our techniques significantly reduce the analysis time, making it practical to analyze ARBAC without separate administration.
Type de document :
Communication dans un congrès
Lingyu Wang; Basit Shafiq. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. Springer, Lecture Notes in Computer Science, LNCS-7964, pp.49-64, 2013, Data and Applications Security and Privacy XXVII. 〈10.1007/978-3-642-39256-6_4〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01490717
Contributeur : Hal Ifip <>
Soumis le : mercredi 15 mars 2017 - 17:16:20
Dernière modification le : jeudi 16 mars 2017 - 09:24:24
Document(s) archivé(s) le : vendredi 16 juin 2017 - 15:03:29

Fichier

978-3-642-39256-6_4_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Ping Yang, Mikhail Gofman, Zijiang Yang. Policy Analysis for Administrative Role Based Access Control without Separate Administration. Lingyu Wang; Basit Shafiq. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. Springer, Lecture Notes in Computer Science, LNCS-7964, pp.49-64, 2013, Data and Applications Security and Privacy XXVII. 〈10.1007/978-3-642-39256-6_4〉. 〈hal-01490717〉

Partager

Métriques

Consultations de la notice

32

Téléchargements de fichiers

33