Specifications

Source title: Lecture Notes in Computer Science (including subseries Lecture Notes in
Artificial Intelligence and Lecture Notes in Bioinformatics)
Abbreviated source title: Lect. Notes Comput. Sci.
Volume: 7964 LNCS
Monograph title: Data and Applications Security and Privacy XXVII - 27th Annual IFIP WG
11.3 Conference, DBSec 2013, Proceedings
Issue date: 2013
Publication year: 2013
Pages: 49-64
Language: English
ISSN: 03029743
E-ISSN: 16113349
ISBN-13: 9783642392559
Document type: Conference article (CA)
Conference name: 27th Annual IFIP WG 11.3 Conference on Data and Applications Security
and Privacy, DBSec 2013
Conference date: July 15, 2013 - July 17, 2013
Conference location: Newark, NJ, United States
Conference code: 98271
Publisher: Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany
Abstract: Access control is widely used in large systems for restricting resource access to
authorized users. In particular, role based access control (RBAC) is a generalized approach to
access control and is well recognized for its many advantages in managing authorization policies.
This paper considers user-role reachability analysis of administrative role based access control
(ARBAC), which defines administrative roles and specifies how members of each administrative
role can change the RBAC policy. Most existing works on user-role reachability analysis assume
the separate administration restriction in ARBAC policies. While this restriction greatly simplifies
the user-role reachability analysis, it also limits the expressiveness and applicability of ARBAC. In
this paper, we consider analysis of ARBAC without the separate administration restriction and
present new techniques to reduce the number of ARBAC rules and users considered during
analysis. We also present a number of parallel algorithms that speed up the analysis on
multi-core systems. The experimental results show that our techniques significantly reduce the
analysis time, making it practical to analyze ARBAC without separate administration. © 2013 IFIP
International Federation for Information Processing.
Number of references: 23
Main heading: Access control
Controlled terms: Multimedia services - Separation
Uncontrolled terms: Analysis time - Authorization policy - Authorized
users - Multi-core systems - Policy analysis - Reachability analysis - Resource
access - Role-based Access Control
Classification code: 723 Computer Software, Data Handling and Applications - 802.3
Chemical Operations
DOI: 10.1007/978-3-642-39256-6_4
Database: Compendex