Using π-Calculus to Formalize Domain Administration of RBAC

  • Conference paper
Information Security Practice and Experience (ISPEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3903)

Abstract

With the wide implementation of role-based access control (RBAC) models in information systems, access control for RBAC itself, that is, the administration of RBAC, becomes more and more important. In this paper, we propose a Domain Administration of RBAC model, DARBAC, which defines an administrative domain for each administrative role. An administrative role can execute administrative operations on the users, roles, objects and child administrative roles within its administrative domain. We then use π-calculus to formalize the elements of the DARBAC model and their interactions. Although π-calculus has been used successfully in many security areas, such as protocol analysis and information flow analysis, as far as we know our approach is the first attempt to use π-calculus to formalize RBAC and its administrative model.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lu, Y., Zhang, L., Liu, Y., Sun, J. (2006). Using π-Calculus to Formalize Domain Administration of RBAC. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_26

  • DOI: https://doi.org/10.1007/11689522_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer Science, Computer Science (R0)
