
A Perspective on Graphs and Access Control Models

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3256)

Abstract

There would seem to be a natural connection between graphs and information security. This is particularly so in the arena of access control and authorization. Research on applying graph theory to access control problems goes back almost three decades. Nevertheless it is yet to make its way into the mainstream of access control research and practice. Much of this prior research is based on first principles, although more recently there have been significant efforts to build upon existing graph theory results and approaches. This paper gives a perspective on some of the connections between graphs and their transformations and access control models, particularly with respect to the safety problem and dynamic role hierarchies.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sandhu, R. (2004). A Perspective on Graphs and Access Control Models. In: Ehrig, H., Engels, G., Parisi-Presicce, F., Rozenberg, G. (eds) Graph Transformations. ICGT 2004. Lecture Notes in Computer Science, vol 3256. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30203-2_2

  • DOI: https://doi.org/10.1007/978-3-540-30203-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23207-0

  • Online ISBN: 978-3-540-30203-2

  • eBook Packages: Springer Book Archive
