Role-based authorization constraints specification

Published: 01 November 2000

Abstract

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL 2000, including its basic elements, syntax, and semantics. We give soundness and completeness proofs for RCL 2000 relative to a restricted form of first-order predicate logic. Also, we show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in our language. Moreover, we show there are other significant SOD properties that have not been previously identified in the literature. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degrees of flexibility and assurance. Our language provides us with a rigorous foundation for systematic study of role-based authorization constraints.



Published In

ACM Transactions on Information and System Security, Volume 3, Issue 4
Nov. 2000
88 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/382912

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2000
Published in TISSEC Volume 3, Issue 4


Author Tags

  1. access control models
  2. authorization constraints
  3. constraints specification
  4. role-based access control

Qualifiers

  • Article
