Automated and Efficient Analysis of Role-Based Access Control with Attributes - Data and Applications Security and Privacy XXVI
Conference Papers Year : 2012

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Abstract

We consider an extension of the Role-Based Access Control model in which rules assign users to roles based on attributes. We consider an open (allow-by-default) policy approach in which rules can assign users negated roles thus preventing access to the permissions associated to the role. The problems of detecting redundancies and inconsistencies are formally stated. By expressing the conditions on the attributes in the rules with formulae of theories that can be efficiently decided by Satisfiability Modulo Theories (SMT) solvers, we characterize the decidability and complexity of the problems of detecting redundancies and inconsistencies. The proof of the result is constructive and based on an algorithm that repeatedly solves SMT problems. An experimental evaluation with synthetic benchmark problems shows the practical viability of our technique.
Fichier principal
Vignette du fichier
978-3-642-31540-4_3_Chapter.pdf (384.56 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-01534765 , version 1 (08-06-2017)

Licence

Identifiers

Cite

Alessandro Armando, Silvio Ranise. Automated and Efficient Analysis of Role-Based Access Control with Attributes. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. pp.25-40, ⟨10.1007/978-3-642-31540-4_3⟩. ⟨hal-01534765⟩
131 View
230 Download

Altmetric

Share

More