The role graph model and conflict of interest

Abstract

We describe in more detail than before the reference model for role-based access control introduced by Nyanchama and Osborn, and the role-graph model with its accompanying algorithms, which is one way of implementing role-role relationships. An alternative role insertion algorithm is added, and it is shown how the role creation policies of Fernandez et al. correspond to role addition algorithms in our model. We then use our reference model to provide a taxonomy for kinds of conflict. We then go on to consider in some detail privilege-privilege and and role-role conflicts in conjunction with the role graph model. We show how role-role conflicts lead to a partitioning of the role graph into nonconflicting collections that can together be safely authorized to a given user. Finally, in an appendix, we present the role graph algorithms with additional logic to disallow roles that contain conflicting privileges.

Keywords

This publication has 10 references indexed in Scilit:

Separation of duty in role-based environments
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
Modeling users in role-based access control
Published by Association for Computing Machinery (ACM) ,2000
Role hierarchies and constraints for lattice-based access controls
Published by Springer Nature ,1996
Role-based access control models
Computer, 1996
The management of computer security profiles using a role-oriented approach
Computers & Security, 1994
Design for dynamic user-role-based security
Computers & Security, 1994
Role-based security, object oriented databases and separation of duty
ACM SIGMOD Record, 1993
A model of authorization for next-generation database systems
ACM Transactions on Database Systems, 1991
Protection in operating systems
Communications of the ACM, 1976
The Transitive Reduction of a Directed Graph
SIAM Journal on Computing, 1972