Role-Based Access Control (RBAC) is supported directly or in a closely related form, by a number of products. This article presents a formalization of RBAC using graph transformations that is a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in information systems access control and a precise specification of static and dynamic consistency conditions on graphs and graph transformations. The formalism captures the RBAC models published in the literature, and also allows a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles.
A Graph based formalism for RBAC / M., Koch; Mancini, Luigi Vincenzo; PARISI PRESICCE, Francesco. - In: ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY. - ISSN 1094-9224. - STAMPA. - 5:3(2002), pp. 332-365. [10.1145/545186.545191]
A Graph based formalism for RBAC
MANCINI, Luigi Vincenzo;PARISI PRESICCE, Francesco
2002
Abstract
Role-Based Access Control (RBAC) is supported directly or in a closely related form, by a number of products. This article presents a formalization of RBAC using graph transformations that is a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in information systems access control and a precise specification of static and dynamic consistency conditions on graphs and graph transformations. The formalism captures the RBAC models published in the literature, and also allows a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
