Abstract
Role-Based Access Control (RBAC) is supported, directly or in a closely related form, by a number of products. This paper presents a formalization of RBAC using graph transformations, a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalization provides an intuitive description of the manipulation of graph structures as they occur in information systems access control, a specification of static and dynamic consistency conditions on graphs and graph transformations, a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles. Moreover, the properties of a given RBAC specification can be verified by employing one of the available graph transformation tools.
Partially supported by the EC under TMR Network GETGRATS, Esprit WG APPLIGRAPH, and by the Italian MURST.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koch, M., Mancini, L.V., Parisi-Presicce, F. (2000). A Formal Model for Role-Based Access Control Using Graph Transformation. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_8
DOI: https://doi.org/10.1007/10722599_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive