Rôle-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of rôle in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π-calculus to study the behaviour of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a behavioural equivalence to equate systems. We then consider a more sophisticated feature that can be easily integrated in our framework, i.e., the possibility of automatically adding rôle activations and deactivations to processes to be run under a given policy (whenever possible). Finally, we show how the framework can be easily extended to express significant extensions of the core RBAC model, such as rôles hierarchies or constraints determining the acceptability of the system components. © 2006-IOS Press and the authors. All rights reserved.
Role-based access control for a distributed calculus / C., Braghin; Gorla, Daniele; V., Sassone. - In: JOURNAL OF COMPUTER SECURITY. - ISSN 0926-227X. - STAMPA. - 14:2(2006), pp. 113-155.
Role-based access control for a distributed calculus
GORLA, DANIELE;
2006
Abstract
Rôle-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of rôle in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π-calculus to study the behaviour of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a behavioural equivalence to equate systems. We then consider a more sophisticated feature that can be easily integrated in our framework, i.e., the possibility of automatically adding rôle activations and deactivations to processes to be run under a given policy (whenever possible). Finally, we show how the framework can be easily extended to express significant extensions of the core RBAC model, such as rôles hierarchies or constraints determining the acceptability of the system components. © 2006-IOS Press and the authors. All rights reserved.| File | Dimensione | Formato | |
|---|---|---|---|
|
J3.pdf
solo gestori archivio
Tipologia:
Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
327.91 kB
Formato
Adobe PDF
|
327.91 kB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
