Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.
Decidability of Safety in Graph-based Models for Access Control / M., Koch; Mancini, Luigi Vincenzo; PARISI PRESICCE, Francesco. - STAMPA. - 2502:(2002), pp. 229-243. (Intervento presentato al convegno 7th European Symposium on Research in Computer Security tenutosi a Zurich, Switzerland nel Oct 2002) [10.1007/3-540-45853-0_14].
Decidability of Safety in Graph-based Models for Access Control
MANCINI, Luigi Vincenzo;PARISI PRESICCE, Francesco
2002
Abstract
Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
