Skip to main content
SpringerLink
Log in
Book cover

International Conference on Database and Expert Systems Applications

DEXA 2006: Database and Expert Systems Applications pp 914–923Cite as

Modeling and Inferring on Role-Based Access Control Policies Using Data Dependencies

  • Conference paper

  • 1400 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4080))

Abstract

Role-Based Access Control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks. Organizational constraints were introduced (e.g.: mutually exclusive roles, cardinality, prerequisite roles) to reflect peculiarities of organizations. Thus, the number of rules is increasing and policies are becoming more and more complex: understanding and analyzing large policies in which several security officers are involved can be a tough job. There is a serious need for administration tools allowing analysis and inference on access control policies. Such tools should help security officers to avoid defining conflicting constraints and inconsistent policies.

This paper shows that theoretical tools from relational databases are suitable for expressing and inferring on RBAC policies and their related constraints. We focused on using Constrained Tuple-Generating Dependencies (CTGDs), a class of dependencies which includes traditional other ones. We show that their great expressive power is suitable for all practical relevant aspects of RBAC. Moreover, proof procedures have been developed for CTGDs: they permit to reason on policies. For example, to check their consistency, to verify a new rule is not already implied or to check satisfaction of security properties. A prototype of RBAC policies management tool has been implemented, using CTGDs dedicated proof procedures as the underlying inference engine.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ramaswamy, C., Sandhu, R.: Role-based access control features in commercial database management systems. In: Proc. 21st NIST-NCSC National Information Systems Security Conference, pp. 503–511 (1998)

    Google Scholar 

  2. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  3. CERT/CC, U.S.S., magazine, C.: E-crimewatch survey. Technical report (2005), http://www.cert.org/archive/pdf/ecrimesummary05.pdf

  4. Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur. 6(1), 71–127 (2003)

    Article  Google Scholar 

  5. Bonatti, P.A., Samarati, P.: Logics for authorization and security. In: Chomicki, J., van der Meyden, R., Saake, G. (eds.) Logics for Emerging Applications of Databases, pp. 277–323. Springer, Heidelberg (2003)

    Google Scholar 

  6. Maher, M.J., Srivastava, D.: Chasing constrained tuple-generating dependencies. In: PODS, pp. 128–138. ACM Press, New York (1996)

    Google Scholar 

  7. Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)

    MATH  Google Scholar 

  8. Coulondre, S.: A top-down proof procedure for generalized data dependencies. Acta Inf. 39(1), 1–29 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  9. Beeri, C., Vardi, M.Y.: A proof procedure for data dependencies. J. ACM 31(4), 718–741 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  10. Barker, S., Stuckey, P.J.: Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secur. 6(4), 501–546 (2003)

    Article  Google Scholar 

  11. Gavrila, S.I., Barkley, J.F.: Formal specification for role based access control user/role and role/role relationship management. In: ACM Workshop on Role-Based Access Control, pp. 81–90 (1998)

    Google Scholar 

  12. Wang, J., Topor, R., Maher, M.J.: Reasoning with Disjunctive Constrained Tuple-Generating Dependencies. In: Mayr, H.C., Lazanský, J., Quirchmayr, G., Vogel, P. (eds.) DEXA 2001. LNCS, vol. 2113, pp. 963–973. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  13. Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  14. Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. In: CSFW, pp. 187–201. IEEE Computer Society, Los Alamitos (2003)

    Google Scholar 

  15. Sandhu, R.S., Munawer, Q.: The arbac99 model for administration of roles. In: ACSAC, pp. 229–240. IEEE Computer Society, Los Alamitos (1999)

    Google Scholar 

  16. Bertino, E., Bonatti, P.A., Ferrari, E.: Trbac: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001)

    Article  Google Scholar 

  17. Grumbach, S., Rigaux, P., Segoufin, L.: Spatio-temporal data handling with constraints. GeoInformatica 5(1), 95–115 (2001)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LIRIS: Lyon Research Center for Images and Intelligent Information Systems, Bâtiment Blaise Pascal, 20 av. Albert Einstein, 69621 Cedex, Villeurbanne, France

    Romuald Thion & Stéphane Coulondre

Authors
  1. Romuald Thion
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stéphane Coulondre
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing, National University of Singapore,  

    Stéphane Bressan

  2. University of Linz, Altenbergerstraße 69, 4040, Linz, Austria

    Josef Küng  & Roland Wagner  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Thion, R., Coulondre, S. (2006). Modeling and Inferring on Role-Based Access Control Policies Using Data Dependencies. In: Bressan, S., Küng, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2006. Lecture Notes in Computer Science, vol 4080. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11827405_89

Download citation

  • DOI: https://doi.org/10.1007/11827405_89

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37871-6

  • Online ISBN: 978-3-540-37872-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation