
Mitigating the Intractability of the User Authorization Query Problem in Role-Based Access Control (RBAC)

Conference paper

Network and System Security (NSS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7645)

Abstract

We address the User Authorization Query problem (UAQ) in Role-Based Access Control (RBAC), which relates to the sessions a user creates to exercise permissions. Prior work has shown that UAQ is intractable (NP-hard). We give a precise formulation of UAQ as a joint optimization problem, and observe that in general UAQ remains in NP. We then investigate two techniques to mitigate its intractability. (1) We efficiently reduce UAQ to boolean satisfiability in conjunctive normal form (CNF-SAT), a well-known NP-complete problem for which solvers exist that are efficient for large classes of instances. We point out that a prior attempt is not a reduction, is inefficient, and provides only limited support for joint optimization. (2) We show that UAQ is fixed-parameter polynomial in the upper-bound set of permissions under reasonable assumptions. We discuss an open-source implementation of (1) and (2), based on which we have conducted an empirical assessment.
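The following is an added illustration, not code from the paper or from the authors' open-source implementation. It assumes the common UAQ formulation in which a query names a lower bound P_lb of permissions the session must grant and an upper bound P_ub it must not exceed, and the answer is a set of the user's roles to activate. It is my own simplified construction of the idea behind technique (2): after discarding roles whose permissions fall outside P_ub, a dynamic programme over subsets of P_ub runs in time polynomial in the number of roles for a fixed P_ub, and the final choice jointly optimises for fewest permissions beyond P_lb (least privilege) and then fewest roles. The RBAC state, the user's roles, and all role and permission names are constructed sample data.

```python
from typing import Dict, FrozenSet, Iterable, Optional, Set, Tuple

Permission = str
Role = str

# Constructed sample RBAC state (not from the paper): role -> permissions it grants.
ROLE_PERMS: Dict[Role, Set[Permission]] = {
    "clerk":      {"read_ledger"},
    "auditor":    {"read_ledger", "read_audit_log"},
    "accountant": {"read_ledger", "post_entry"},
    "manager":    {"read_ledger", "post_entry", "approve_entry"},
    "admin":      {"read_ledger", "post_entry", "approve_entry", "manage_users"},
}
# Constructed: the roles the querying user is authorized to activate.
USER_ROLES = ["clerk", "auditor", "accountant", "manager", "admin"]


def solve_uaq(
    role_perms: Dict[Role, Set[Permission]],
    user_roles: Iterable[Role],
    p_lb: Set[Permission],
    p_ub: Set[Permission],
) -> Optional[Tuple[FrozenSet[Role], FrozenSet[Permission]]]:
    """Return (roles_to_activate, permissions_granted) for a session whose permission
    set P satisfies p_lb <= P <= p_ub, or None if no activation can satisfy the query.
    Among feasible sessions, minimise |P - p_lb| first and the number of roles second."""
    p_lb, p_ub = frozenset(p_lb), frozenset(p_ub)
    if not p_lb <= p_ub:
        return None  # contradictory query: required permissions exceed the cap

    # Step 1 (parameter-shrinking step): keep only roles the user holds whose
    # permissions fit inside p_ub. A role granting anything outside p_ub can never
    # be part of a session that respects the upper bound, so it is dropped up front.
    candidates = {
        r: frozenset(role_perms[r])
        for r in user_roles
        if frozenset(role_perms[r]) <= p_ub
    }

    # Step 2: dynamic programme over subsets of p_ub. best[P] = (k, roles) records
    # the fewest roles k (and one such role set) whose permissions are exactly P.
    # There are at most 2**len(p_ub) states, so the work is
    # O(len(candidates) * 2**len(p_ub)): polynomial in the number of roles once
    # |p_ub| is fixed, which is the fixed-parameter behaviour being illustrated.
    best: Dict[FrozenSet[Permission], Tuple[int, FrozenSet[Role]]] = {
        frozenset(): (0, frozenset())
    }
    for role, perms in sorted(candidates.items()):
        for reached, (k, roles) in list(best.items()):  # snapshot: each role used once
            new = reached | perms
            if new not in best or k + 1 < best[new][0]:
                best[new] = (k + 1, roles | {role})

    # Step 3: joint optimisation over states that cover the lower bound: first
    # minimise permissions granted beyond p_lb, then the number of roles activated.
    feasible = [
        (len(P - p_lb), k, roles, P) for P, (k, roles) in best.items() if p_lb <= P
    ]
    if not feasible:
        return None
    _, _, roles, perms = min(feasible, key=lambda t: (t[0], t[1]))
    return roles, perms


if __name__ == "__main__":
    queries = [
        ({"read_ledger", "post_entry"}, {"read_ledger", "post_entry", "read_audit_log"}),
        ({"read_ledger", "post_entry", "read_audit_log"},
         {"read_ledger", "post_entry", "read_audit_log"}),
        ({"read_ledger"}, {"read_ledger"}),
        ({"approve_entry"}, {"approve_entry"}),  # infeasible: every role also grants read_ledger
    ]
    for lb, ub in queries:
        print(sorted(lb), "<= P <=", sorted(ub), "->", solve_uaq(ROLE_PERMS, USER_ROLES, lb, ub))
```

The last query shows the case a deployment should expect to see: the user does hold roles that grant `approve_entry`, but none of them can be activated without exceeding the upper bound, so the correct answer is "no session" rather than a session that silently over-grants.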




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mousavi, N., Tripunitara, M.V. (2012). Mitigating the Intractability of the User Authorization Query Problem in Role-Based Access Control (RBAC). In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_39

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34601-9_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34600-2

  • Online ISBN: 978-3-642-34601-9

  • eBook Packages: Computer Science (R0)
