Policy Analysis for Administrative Role Based Access Control

Sasturkar, Amit; Yang, Ping; Stoller, Scott D.; Ramakrishnan, C. R.

doi:10.1109/csfw.2006.22

Cited by 69 publications

(89 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ReduceAdmin evaluation. We evaluate ReduceAdmin on two sets of realistic ARBAC policies without separate administration, used in several case studies [22,7,9,21]: a hospital and a university policy [19]. Table 3 summarizes the results of our evaluation.…”

Section: Resultsmentioning

confidence: 99%

“…However, in the rest of the paper we restrict ourself to consider only RBAC policies with an empty hierarchy relation. From an analysis point of view it is always possible to transform a hierarchical RBAC system into one without hierarchy that preserves the reachability of its roles (see [20] for the description of such a transformation). Furthermore, we concentrate our analysis on user-role administration.…”

Section: Preliminariesmentioning

confidence: 99%

“…Li and Tripunitara [14] have studied the security analysis problem of ARBAC systems and identified fragments and restricted queries that can be solved in polynomial time. Sasturkar et al [20] have showed that the problem is Pspace-complete, that most restrictions still are NP-hard, and some very restricted cases can be solved in polynomial time. Jha et al [10] compared the use of model checking and first order logic programming for the security analysis of ARBAC and concluded that model checking is a promising approach for security analysis.…”

Section: Introductionmentioning

confidence: 99%

“…As a fourth contribution, we evaluate our techniques on the policies (without separate assumption) in [19]-these systems are initially populated by thousands of users and the naive precise solution known will track all users and would fail pathetically. Our procedure significantly simplifies the policies considered, reducing the number of effective users that need to be tracked to be very small (often 3 to 4), which then leads us to solve the security problem for them.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Policy Analysis for Self-administrated Role-Based Access Control

Ferrara

Madhusudan

Parlato

2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Preliminariesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Policy Analysis for Self-administrated Role-Based Access Control

Ferrara

Madhusudan

Parlato

2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…Although there is no consensus to the definition of Role Based Access control (RBAC), RBAC is a framework for controlling user access to resources based on roles. It can significantly reduce the cost of access control policy administration and is increasingly widely used in large organizations [8]. RBAC allows access decisions to be based on the roles that individual users have as part of an organization.…”

Section: Introductionmentioning

confidence: 99%

Enhanced Role Based Access Control Mechanism for Electronic Examination System

Onashoga

Abayomi‐Alli²,

Ogunseye³

2014

IJCNIS

View full text Add to dashboard Cite

-Over the years, e-learning and eexamination has become standard in many institutions of higher learning. It has been observed that examination questions and results can be easily intercepted by invalid users, thus the security of resources shared among valid users is not guaranteed. In order to solve these problems as it relates to access control, a Role based Examination System (RBES) was designed, developed and evaluated. RBES attempted to solve the security issue by the combination of two authentication techniques: textbased authentication and graphical password authentication. The Text-based authentication utilizes two text-based parameters namely the username and password. The graphical password authentication makes use of a finite set of controls (RBES chooses radio buttons) which are identified by numbers. These numbers constitute the password used for graphical authentication. To improve on resource sharing among users in the examination system, RBES proposes role management (role creation, role update, role removal) and user management (user creation, user update and user removal). The developed system made use of asp.net, C#, IIS server, WAMP server, Mysql and other tools for its development. RBES was tested by some legitimate and illegitimate users and the performance of the system was found to be satisfactory, hence RBES shows an efficient and reliable scheme that can be deployed in any examination or e-learning system. Finally the potential threats to the system were modeled and the use of weak passwords was found to be the most likely threat the system could be vulnerable to.

show abstract

Vac - Verifier of Administrative Role-Based Access Control Policies

Ferrara

Madhusudan

Nguyen

et al. 2014

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. In this paper we present Vac, an automatic tool for verifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in several software. Automatic security analysis of administrative RBAC systems is recognized as an important problem, as an analysis tool can help designers check whether their policies meet expected security properties. Vac converts administrative RBAC policies to imperative programs that simulate the policies both precisely and abstractly and supports several automatic verification back-ends to analyze the resulting programs. In this paper, we describe the architecture of Vac and overview the analysis techniques that have been implemented in the tool. We also report on experiments with several benchmarks from the literature.

show abstract

Policy Analysis for Administrative Role Based Access Control

Abstract: Abstract

Cited by 69 publications

References 26 publications

Policy Analysis for Self-administrated Role-Based Access Control

Policy Analysis for Self-administrated Role-Based Access Control

Enhanced Role Based Access Control Mechanism for Electronic Examination System

Vac - Verifier of Administrative Role-Based Access Control Policies

Contact Info

Product

Resources

About