Skip to main content
SpringerLink
Log in

The Conflict Detection Between Permission Assignment Constraints in Role-Based Access Control

  • Conference paper
Information Security and Cryptology (CISC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3822))

Included in the following conference series:

Abstract

Assuring integrity of permission assignment (PA) constraints is a difficult task in role-based access control (RBAC) because of the large number of constraints, users, roles and permissions in a large enterprise environment. We provide solutions to this problem using the conflict concept. This paper introduces the conflict model in order to understand the conflicts easily and to detect conflicts effectively. The conflict model is classified as a permission-permission model and a role-permission model. This paper defines two type conflicts using the conflict model. The first type is an inter-PA-constraints (IPAC) conflict that takes place between PA constraints. The other type is a PA–PAC conflict that takes place between a PA and a PA constraint (PAC). Also, the conditions of conflict occurrence are formally specified and proved. We can assure integrity on permission assignment by checking conflicts before PA and PA constraints are applied.

This work was supported by the faculty research fund of Konkuk University in 2005.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ferraiolo, D.F., et al.: Role-Based Access Control, Artech House (2003)

    Google Scholar 

  2. Kuhn, D.R.: Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In: Second ACM Workshop on Role-Based Access Control (1997)

    Google Scholar 

  3. Gligor, V.D., Gavrila, S.I., Ferraiolo, D.: On the formal definition of separation-of-duty policies and their composition. In: IEEE Symposium on Security and Privacy, Oakland, California (May 1998)

    Google Scholar 

  4. Nyanchama, M., Osborn, S.: The Role Graph Model and Conflict of Interest. ACM Transactions on Information and System Security 2(1), 3–33 (1999)

    Article  Google Scholar 

  5. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security 2(1), 65–104 (1999)

    Article  Google Scholar 

  6. Moon, C.-J., Park, D.-H., Park, S.-J., Baik, D.-K.: Symmetric RBAC Model that Takes the Separation of Duty and Role Hierarchies into Consid-eration. Computers & Security 23(2), 126–136 (2004)

    Article  Google Scholar 

  7. Ahn, G.-J., Sandhu, R.: Role-Based Authorization Constraints Specification. ACM Transactions on Information and System Security 3(4), 207–226 (2000)

    Article  Google Scholar 

  8. Sandhu, R.S., Coynek, E.J., Feinsteink, H.L., Youmank, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  9. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST Model for Role-Base Access Control: Toward A Unified Standard. In: Proceedings, 5th ACM Workshop on Role Based Access Control, July 26-27 (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Konkuk University, 322 Danwol-dong, Chungju-si, Chungcheongbuk-do, 380-701, Korea

    Chang-Joo Moon & Woojin Paik

  2. Department of Computer Science and Engineering, Korea University, Anam-dong 5-ga, Seongbuk-gu, 136-701, Seoul, Korea

    Young-Gab Kim

  3. Korea Air Force Central Computer Center, P.O.Box 501-329, Bunam-ri, Namseon-myeon, Gyeryong-si, Chungcheongnam-do, 321-929, Korea

    Ju-Hum Kwon

Authors
  1. Chang-Joo Moon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Woojin Paik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Young-Gab Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ju-Hum Kwon
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. State Key Laboratory of Information Security, Institution of Software of Chinese Academy of Sciences, 100080, Beijing, China

    Dengguo Feng

  2. SKLOIS Lab, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, P.R. China

    Dongdai Lin

  3. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moon, CJ., Paik, W., Kim, YG., Kwon, JH. (2005). The Conflict Detection Between Permission Assignment Constraints in Role-Based Access Control. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_23

Download citation

  • DOI: https://doi.org/10.1007/11599548_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30855-3

  • Online ISBN: 978-3-540-32424-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation