A graph-based formalism for RBAC
- 1 August 2002
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 5 (3), 332-365
- https://doi.org/10.1145/545186.545191
Abstract
Role-Based Access Control (RBAC) is supported, directly or in a closely related form, by a number of products. This article presents a formalization of RBAC using graph transformations, a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in information systems access control and a precise specification of static and dynamic consistency conditions on graphs and graph transformations. The formalism captures the RBAC models published in the literature, and also allows a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles.
This publication has 10 references indexed in Scilit:
- Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001
- On the specification and evolution of access control policies. Published by Association for Computing Machinery (ACM), 2001
- The NIST model for role-based access control. Published by Association for Computing Machinery (ACM), 2000
- Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security, 2000
- The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 1999
- The role graph model and conflict of interest. ACM Transactions on Information and System Security, 1999
- Formal specification for role based access control user/role and role/role relationship management. Published by Association for Computing Machinery (ACM), 1998
- Role-based access control models. Computer, 1996
- Naming and grouping privileges to simplify security management in large databases. Published by Institute of Electrical and Electronics Engineers (IEEE), 1990
- The Transitive Reduction of a Directed Graph. SIAM Journal on Computing, 1972