Automated and Efficient Analysis of Role-Based Access Control with Attributes

Abstract : We consider an extension of the Role-Based Access Control model in which rules assign users to roles based on attributes. We consider an open (allow-by-default) policy approach in which rules can assign users negated roles thus preventing access to the permissions associated to the role. The problems of detecting redundancies and inconsistencies are formally stated. By expressing the conditions on the attributes in the rules with formulae of theories that can be efficiently decided by Satisfiability Modulo Theories (SMT) solvers, we characterize the decidability and complexity of the problems of detecting redundancies and inconsistencies. The proof of the result is constructive and based on an algorithm that repeatedly solves SMT problems. An experimental evaluation with synthetic benchmark problems shows the practical viability of our technique.
Type de document :
Communication dans un congrès
Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.25-40, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_3〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01534765
Contributeur : Hal Ifip <>
Soumis le : jeudi 8 juin 2017 - 11:06:30
Dernière modification le : lundi 29 octobre 2018 - 10:08:13
Document(s) archivé(s) le : samedi 9 septembre 2017 - 12:31:33

Fichier

978-3-642-31540-4_3_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Alessandro Armando, Silvio Ranise. Automated and Efficient Analysis of Role-Based Access Control with Attributes. Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.25-40, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_3〉. 〈hal-01534765〉

Partager

Métriques

Consultations de la notice

91

Téléchargements de fichiers

71