A distributed calculus for role-based access control
- 1 January 2004
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10636900,p. 48-60
- https://doi.org/10.1109/csfw.2004.1310731
Abstract
Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the /spl pi/ calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the 'minimal' policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.Keywords
This publication has 12 references indexed in Scilit:
- Decidability of Safety in Graph-Based Models for Access ControlPublished by Springer Nature ,2002
- Resource Access Control in Systems of Mobile AgentsInformation and Computation, 2002
- A lightweight approach to specification and analysis of role-based access control extensionsPublished by Association for Computing Machinery (ACM) ,2002
- Bisimulations in the join-calculusTheoretical Computer Science, 2001
- Proposed NIST standard for role-based access controlACM Transactions on Information and System Security, 2001
- A logical framework for reasoning about access control modelsPublished by Association for Computing Machinery (ACM) ,2001
- Mobile ambientsTheoretical Computer Science, 2000
- On asynchrony in name-passing calculiPublished by Springer Nature ,1998
- Role-based access control modelsComputer, 1996
- On reduction-based process semanticsTheoretical Computer Science, 1995