Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper we present a formal framework relying on an extension of the pi calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the 'minimal' policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.

A distributed calculus for role-based access control / C., Braghin; Gorla, Daniele; V., Sassone. - STAMPA. - (2004), pp. 48-60. (Intervento presentato al convegno 17th IEEE Computer Security Foundations Workshop tenutosi a Pacific Grove, CA nel JUN 28-30, 2004) [10.1109/csfw.2004.1310731].

A distributed calculus for role-based access control

GORLA, DANIELE;
2004

Abstract

Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper we present a formal framework relying on an extension of the pi calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the 'minimal' policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.
2004
17th IEEE Computer Security Foundations Workshop
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
A distributed calculus for role-based access control / C., Braghin; Gorla, Daniele; V., Sassone. - STAMPA. - (2004), pp. 48-60. (Intervento presentato al convegno 17th IEEE Computer Security Foundations Workshop tenutosi a Pacific Grove, CA nel JUN 28-30, 2004) [10.1109/csfw.2004.1310731].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/56002
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 9
social impact