论文信息 - Formal specification for role based access control user/role and role/role relationship management

Formal specification for role based access control user/role and role/role relationship management

Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role relationships stored in the RBAC Database. This paper presents a formal specification of the RBAC Database and Admin Tool operations. Consistency requirements for the RBAC Database are defined as a set of properties. Alternative properties, substantially simpler to verify in an implementation, are shown to be equivalent. In addition, the paper defines the semantics of Admin Tool operations, and shows that, given a consistent RBAC Database and an operation which meets specified conditions, the RBAC Database remains consistent after the operation is performed.

Serban I. Gavrila | John F. Barkley | John F. Barkley | S. Gavrila

[1] David F. Ferraiolo,et al. Role Based Access Control for the World Wide Web , 1997 .

[2] Ravi S. Sandhu,et al. Role activation hierarchies , 1998, RBAC '98.

[3] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[4] D. Richard Kuhn,et al. Future directions in role-based access control , 1996, RBAC '95.