DOI: 10.1145/1542207.1542213
Research article, ACM conference proceedings (SACMAT)

An efficient framework for user authorization queries in RBAC systems

Published: 03 June 2009

Abstract

The User Authorization Query (UAQ) Problem for RBAC, introduced by Zhang and Joshi, is to determine the set of roles to be activated in a single session for a particular set of permissions requested by the user. This set of roles must satisfy constraints that prevent certain combinations of roles from being activated in one session, and should follow the least privilege principle. We show that the existing approach to the UAQ problem is inadequate, and propose two approaches for solving the UAQ problem. In the first approach, we develop algorithms that use the backtracking-based search techniques developed in the artificial intelligence community. In the second approach, we reduce the problem to the MAXSAT problem, which can be solved using available SAT solvers. We have implemented both approaches and experimentally evaluated them.

References

[1] zChaff. http://www.princeton.edu/~chaff/zchaff.html.
[2] S. Du and J. B. D. Joshi. Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy. In SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies, pp. 228--236, 2006.
[3] Z. Fu and S. Malik. On Solving the Partial MAX-SAT Problem. In ESORICS '04: Proceedings of Theory and Applications of Satisfiability Testing -- SAT 2006, pp. 252--265, 2006.
[4] J. B. D. Joshi, E. Bertino and A. Ghafoor. Temporal hierarchies and inheritance semantics for GTRBAC. In SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies, pp. 74--83, 2002.
[5] N. Li, J. Byun and E. Bertino. A Critique of the ANSI Standard on Role Based Access Control. IEEE Security and Privacy, pp. 41--49, 2007.
[6] N. Li, M. V. Tripunitara and Z. Bizri. On Mutually Exclusive Roles and Separation of Duty. ACM Transactions on Information and System Security, 10(2), 2007.
[7] C. Sinz. Visualizing SAT Instances and Runs of the DPLL Algorithm. J. Autom. Reason., 39(2), pp. 219--243, 2007.
[8] Q. Wei, J. Crampton, K. Beznosov and M. Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies, pp. 63--72, 2008.
[9] Y. Zhang and J. B. D. Joshi. UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints. In SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologies, pp. 83--92, 2008.



      Published In

      SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies
      June 2009, 258 pages
      ISBN: 9781605585376
      DOI: 10.1145/1542207

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. constraints
      2. role based access control

      Conference

      SACMAT '09

      Acceptance Rates

      SACMAT '09 paper acceptance rate: 24 of 75 submissions (32%)
      Overall acceptance rate: 177 of 597 submissions (30%)
