An efficient framework for user authorization queries in RBAC systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

An efficient framework for user authorization queries in RBAC systems

Full text

Pdf (457 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 14th ACM symposium on Access control models and technologies table of contents

Stresa, Italy

SESSION: Security analysis and verification table of contents

Pages 23-32

Year of Publication: 2009

ISBN:978-1-60558-537-6

Authors

Guneshi T. Wickramaarachchi	Purdue University, West Lafayette, IN, USA
Wahbeh H. Qardaji	Purdue University, West Lafayette, IN, USA
Ninghui Li	Purdue University, West Lafayette, IN, USA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 19, Downloads (12 Months): 87, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1542207.1542213 What is a DOI?

ABSTRACT

The User Authorization Query (UAQ) Problem for RBAC, introduced by Zhang and Joshi, is to determine the set of roles to be activated in a single session for a particular set of permissions requested by the user. This set of roles must satisfy constraints that prevent certain combinations of roles to be activated in one session, and should follow the least privilege principle. We show that the existing approach to the UAQ problem is inadequate, and propose two approaches for solving the UAQ problem. In the first approach, we develop algorithms that use the backtracking-based search techniques developed in the artificial intelligence community. In the second approach, we reduce the problem to the MAXSAT problem which can be solved using available SAT solvers. We have implemented both approaches and experimentally evaluated them.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	zChaff http://www.princeton.edu/~chaff/zchaff.html.
	2	Siqing Du , James B. D. Joshi, Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133090]
	3	Z. Fu and S. Malik. On Solving the Partial MAX-SAT Problem. In ESORICS '04: Proceedings of Theory and Applications of Satisfiability Testing -- SAT 2006, pp. 252--265, 2006.
	4	James B D Joshi , Elisa Bertino , Arif Ghafoor, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507724]
	5	Ninghui Li , Ji-Won Byun , Elisa Bertino, A Critique of the ANSI Standard on Role-Based Access Control, IEEE Security and Privacy, v.5 n.6, p.41-49, November 2007 [doi>10.1109/MSP.2007.158]
	6	Ninghui Li , Mahesh V. Tripunitara , Ziad Bizri, On mutually exclusive roles and separation-of-duty, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.5-es, May 2007 [doi>10.1145/1237500.1237501]
	7	Carsten Sinz, Visualizing SAT Instances and Runs of the DPLL Algorithm, Journal of Automated Reasoning, v.39 n.2, p.219-243, August 2007 [doi>10.1007/s10817-007-9074-1]
	8	Yue Zhang , James B. D. Joshi, UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA [doi>10.1145/1377836.1377850]