Citation Context

...heme with a Trust Management Language In this section, we compare a particular RBAC scheme to the trust management scheme, RT[∩]. The RBAC scheme we consider is called Assignment And Revocation (AAR) =-=[11]-=-. In AAR, the state is an RBAC state, and state-transition rules are those from the URA97 component of the ARBAC97 [19]; users may be assigned to and revoked from roles. RT[∩] is a trust management sc...

Citation Context

...modify the RBAC policy so that the target user is a member of those roles? Other analysis problems including permission-role reachability, user-permission reachability, availability, role containment =-=[14]-=-, and weakest precondition [20] can be solved in a similar manner or by reduction to user-role reachability analysis [19, 20]. This paper presents the first (to the best of our knowledge) algorithm de...

Citation Context

...es under assessment?” 6 Related Works Assessing the security implications of access control policies traditionally lies in the domain of safety analysis [10, 13], or, more recently, security analysis =-=[12, 11]-=-. When the projection of security implications becomes a challenging computational problem, safety or security analyses are indispensable. While appreciating the scope and analytical rigor of such app...

Citation Context

...ed by our tool. 6. RELATEDWORK AND DISCUSSION Logic Programming (LP) has been extensively used to provide a basis for the security analysis of access control and trust management policies (see, e.g., =-=[18]-=-). The main drawback of using LP is the limited support for negation in the applicability conditions of (administrative) actions. Our technique supports a form of negation (see Section 4.3) which, whe...

Citation Context

...le-reachability) having as few roles (rules, resp.) as a single one. Related Work. Besides the work already cited above, there are a few other works that are related to this paper. Li and Tripunitara =-=[14]-=- have studied the security analysis problem of ARBAC systems and identified fragments and restricted queries that can be solved in polynomial time. Sasturkar et al [20] have showed that the problem is...

Citation Context

...d. However, this is rather different from ours and it is not well suited to model cryptographic systems. 7 PDPPEP Resource Decision request Decision Apply decision Access request Fig. 3. An access control system In particular, in trust management systems, where policies are given through credentials, this allow one to use the inference system of CryptoCCS to model also the trust engine used in these frameworks. Let us see how it works with two well known models. 3.1 RT0: Role-based Trust Management We show how inference rules can be conveniently used to model RT languages for trust management [16, 28, 15, 14]. In these languages, credentials carry information on policies to define attributes of principals by starting from assertions of other principals. The notion of attribute is general enough to permit to use RT languages to model Role-based Access Control Mechanisms (RBAC), e.g. see [25]. As a matter of fact, an attribute could be considered as a role. Then one could use RT credential to express how principals are related to roles2. More precisely, we denote principals with A,B, C...; we denote role names with r, u, z.... A role takes the form of a principal followed by a role name, separated b...

Citation Context

...n the number of users is fixed by the initial state of the system, the problem is decidable,but suffers from an exponential time dependency on the number of roles, making techniques unscalable [23], =-=[14]-=-, [27], [26]. Consequently, to date, there is no effective system that administrators can use for security analysis, despite the fact that most of these problem instances have simple proofs that they ...

Citation Context

... usability of our visualization tool. Assessing the security implications of access control policies traditionally lies in the domain of safety analysis [14, 20], or, more recently, security analysis =-=[19, 18]-=-. When the projection of security implications becomes a challenging computational problem, safety or security analyses are indispensable. While appreciating the scope and analytical rigor of such app...