Skip to Main content Skip to Navigation
Conference papers

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Abstract : We consider an extension of the Role-Based Access Control model in which rules assign users to roles based on attributes. We consider an open (allow-by-default) policy approach in which rules can assign users negated roles thus preventing access to the permissions associated to the role. The problems of detecting redundancies and inconsistencies are formally stated. By expressing the conditions on the attributes in the rules with formulae of theories that can be efficiently decided by Satisfiability Modulo Theories (SMT) solvers, we characterize the decidability and complexity of the problems of detecting redundancies and inconsistencies. The proof of the result is constructive and based on an algorithm that repeatedly solves SMT problems. An experimental evaluation with synthetic benchmark problems shows the practical viability of our technique.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, June 8, 2017 - 11:06:30 AM
Last modification on : Friday, March 25, 2022 - 5:52:24 PM
Long-term archiving on: : Saturday, September 9, 2017 - 12:31:33 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Alessandro Armando, Silvio Ranise. Automated and Efficient Analysis of Role-Based Access Control with Attributes. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. pp.25-40, ⟨10.1007/978-3-642-31540-4_3⟩. ⟨hal-01534765⟩



Record views


Files downloads