ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A graph-based formalism for RBAC
Full text PdfPdf (820 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 ,  Issue 3  (August 2002) table of contents
Pages: 332 - 365  
Year of Publication: 2002
ISSN:1094-9224
Authors
Manuel Koch  Freie Universit at Berlin
Luigi V. Mancini  Universita di Roma La Sapienza
Francesco Parisi-Presicce  Universita di Roma La Sapienza
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 95,   Citation Count: 20
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/545186.545191
What is a DOI?

ABSTRACT

Role-Based Access Control (RBAC) is supported directly or in a closely related form, by a number of products. This article presents a formalization of RBAC using graph transformations that is a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in information systems access control and a precise specification of static and dynamic consistency conditions on graphs and graph transformations. The formalism captures the RBAC models published in the literature, and also allows a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Aho, A. V., Garey, M. R., and Ullman, J. D. 1972. The transitive reduction of a directed graph. SIAM J. Comput. 1, 2, 131--137.
 
2
Baldwin, R. 1990. Naming & grouping privileges to simplify security management in large databases. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, Calif., pp. 116--132.
 
3
H. Ehrig , G. Engels , H.-J. Kreowski , G. Rozenberg, Handbook of graph grammars and computing by graph transformation: vol. 2: applications, languages, and tools, World Scientific Publishing Co., Inc., River Edge, NJ, 1999
4
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
5
Serban I. Gavrila , John F. Barkley, Formal specification for role based access control user/role and role/role relationship management, Proceedings of the third ACM workshop on Role-based access control, p.81-90, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286902]
 
6
Martin Große-Rhode , Francesco Parisi-Presicce , Marta Simeoni, Refinements of Graph Transformation Systems via Rule Expressions, Selected papers from the 6th International Workshop on Theory and Application of Graph Transformations, p.368-382, November 16-20, 1998
 
7
Heckel, R., and Wagner, A. 1995. Ensuring consistency of conditional graph grammars--A constructive approach. In Proceedings of SEGRAGRA'95, Volume 2 of Electronic Notes of TCS A. Corradini, and U. Montanari, eds. Elsevier North-Holland, Amsterdam, The Netherlands, pp. 95--103. http://www.elsevier.nl/locate/entcs/volume2.html.
 
8
Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, A Formal Model for Role-Based Access Control Using Graph Transformation, Proceedings of the 6th European Symposium on Research in Computer Security, p.122-139, October 04-06, 2000
9
M. Koch , L. V. Mancini , F. Parisi-Presicce, On the specification and evolution of access control policies, Proceedings of the sixth ACM symposium on Access control models and technologies, p.121-130, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373280]
 
10
Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, Decidability of Safety in Graph-Based Models for Access Control, Proceedings of the 7th European Symposium on Research in Computer Security, p.229-243, October 14-16, 2002
 
11
Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
12
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
13
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
 
14
Grzegorz Rozenberg, Handbook of graph grammars and computing by graph transformation: volume I. foundations, World Scientific Publishing Co., Inc., River Edge, NJ, 1997
 
15
Sandhu, R. S. 1998. Role-based access control. In Advances in Computers, Vol. 46. Academic Press, Orlands, Fla.
16
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
17
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
18
Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]

CITED BY  20
Basit Shafiq , James B. D. Joshi , Elisa Bertino , Arif Ghafoor, Secure Interoperation in a Multidomain Environment Employing RBAC Policies, IEEE Transactions on Knowledge and Data Engineering, v.17 n.11, p.1557-1577, November 2005
Trent Jaeger , Xiaolan Zhang , Fidel Cacheda, Policy management using access control spaces, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.327-364, August 2003
M. Koch , L. V. Mancini , F. Parisi-Presicce, Administrative scope in the graph-based framework, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Indrakshi Ray , Na Li , Robert France , Dae-Kyoo Kim, Using uml to visualize role-based access control constraints, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Manuel Koch , L. V. Mancini , Francesco Parisi-Presicce, Graph-based specification of access control policies, Journal of Computer and System Sciences, v.71 n.1, p.1-33, July 2005
Eunjee Song , Raghu Reddy , Robert France , Indrakshi Ray , Geri Georg , Roger Alexander, Verifiable composition of access control and application features, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Manuel Koch , Francesco Parisi-Presicce, Formal access control analysis in the software development process, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, p.67-76, October 30, 2003, Washington, D.C.
Jason Crampton , George Loizou, Administrative scope: A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.201-231, May 2003
Ninghui Li , Mahesh V. Tripunitara , Qihua Wang, Resiliency policies in access control, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.391-420, November 2006
Guoli Ding , Jianhua Chen , R. F. Lax , Peter P. Chen, Graph-theoretic method for merging security system specifications, Information Sciences: an International Journal, v.177 n.10, p.2152-2166, May, 2007
JuHum Kwon , Chang-Joo Moon, Visual modeling and formal specification of constraints of RBAC using semantic web technology, Knowledge-Based Systems, v.20 n.4, p.350-356, May, 2007
Tanvir Ahmed , Anand R. Tripathi, Specification and verification of security requirements in a programming model for decentralized CSCW systems, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.7-es, May 2007
Gail-Joon Ahn , Hongxin Hu, Towards realizing a formal RBAC model in real systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Hartmut Ehrig , Karsten Ehrig , Annegret Habel , Karl-Heinz Pennemann, Theory of Constraints and Application Conditions: From Graphs to High-Level Structures, Fundamenta Informaticae, v.74 n.1, p.135-166, January 2006
James B. D. Joshi , Elisa Bertino , Arif Ghafoor , Yue Zhang, Formal foundations for hybrid hierarchies in GTRBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-39, January 2008
Geoff Skinner, Making a CASE for PACE: components of the combined authentication scheme encapsulation for a privacy augmented collaborative environment, WSEAS Transactions on Computers, v.7 n.6, p.630-639, June 2008
Geoff Skinner, Security for a privacy augmented collaborative environment with a combined authentication scheme encapsulation, Proceedings of the WSEAS International Conference on Applied Computing Conference, p.145-151, May 27-30, 2008, Istanbul, Turkey
Xinyu Wang , Jianling Sun , Xiaohu Yang , Chao Huang , Di Wu, Security Violation Detection for RBAC Based Interoperation in Distributed Environment, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1447-1456, May 2008
Ninghui Li , Qihua Wang , Mahesh Tripunitara, Resiliency Policies in Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.4, p.1-34, April 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  F. Theory of Computation
  F.1 COMPUTATION BY ABSTRACT DEVICES
      F.1.m Miscellaneous

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Design, Management, Security


Keywords:
Access control in information systems, correctness, decentralized administration, graph transformations, permission management, role-based access control


REVIEW

"Stephen D. Wolthusen : Reviewer"

Role-based access control mechanisms (RBACs) have emerged as a viable mechanism for providing models of security policies for civilian applications, combining the requisite flexibility for modeling delegation with fine-grained control over resourc  more...

Collaborative Colleagues:
Manuel Koch: colleagues
Luigi V. Mancini: colleagues
Francesco Parisi-Presicce: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player