Sciweavers

CSFW
2006
IEEE

Policy Analysis for Administrative Role Based Access Control

14 years 5 months ago
Policy Analysis for Administrative Role Based Access Control
Role-Based Access Control (RBAC) is a widely used model for expressing access control policies. In large organizations, the RBAC policy may be collectively managed by many administrators. Administrative RBAC (ARBAC) is a model for expressing the authority of administrators, thereby specifying how an organization’s RBAC policy may change. Changes by one administrator may interact in unintended ways with changes by other administrators. Consequently, the effect of an ARBAC policy is hard to understand by simple inspection. In this paper, we consider the problem of analyzing ARBAC policies, in particular to determine reachability properties (e.g., whether a user can eventually be assigned to a role by a group of administrators) and availability properties (e.g., whether a user cannot be removed from a role by a group of administrators) implied by a policy. We first establish the connection between security policy analysis and planning in Artificial Intelligence. Based partly on this ...
Amit Sasturkar, Ping Yang, Scott D. Stoller, C. R.
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where CSFW
Authors Amit Sasturkar, Ping Yang, Scott D. Stoller, C. R. Ramakrishnan
Comments (0)