Abstract
There would seem to be a natural connection between graphs and information security. This is particularly so in the arena of access control and authorization. Research on applying graph theory to access control problems goes back almost three decades. Nevertheless, it has yet to make its way into the mainstream of access control research and practice. Much of this prior research is based on first principles, although more recently there have been significant efforts to build upon existing graph theory results and approaches. This paper gives a perspective on some of the connections between graphs and their transformations and access control models, particularly with respect to the safety problem and dynamic role hierarchies.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sandhu, R. (2004). A Perspective on Graphs and Access Control Models. In: Ehrig, H., Engels, G., Parisi-Presicce, F., Rozenberg, G. (eds) Graph Transformations. ICGT 2004. Lecture Notes in Computer Science, vol 3256. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30203-2_2
DOI: https://doi.org/10.1007/978-3-540-30203-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23207-0
Online ISBN: 978-3-540-30203-2
eBook Packages: Springer Book Archive