Authorization Constraints Specification of RBAC

  • Conference paper
Information Security Applications (WISA 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4867)

Abstract

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints, named RCL2000, including its basic elements, syntax and semantics. We show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in this language, and that there are other significant SOD properties that have not been previously identified in the literature. Our work indicates that there are many alternate formulations of even the simplest SOD properties, with varying degrees of flexibility and assurance. This language therefore provides us with a rigorous foundation for the systematic study of role-based authorization constraints.

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Han, L., Liu, Q., Yang, Z. (2007). Authorization Constraints Specification of RBAC. In: Kim, S., Yung, M., Lee, HW. (eds) Information Security Applications. WISA 2007. Lecture Notes in Computer Science, vol 4867. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77535-5_19

  • DOI: https://doi.org/10.1007/978-3-540-77535-5_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77534-8

  • Online ISBN: 978-3-540-77535-5

  • eBook Packages: Computer Science, Computer Science (R0)
