A Formal Model for Parameterized Role-Based Access Control

Abdallah, Ali E. and Khayat, Etienne J. (2005) A Formal Model for Parameterized Role-Based Access Control. In: Formal Aspects in Security and Trust. Springer, pp. 233-246. ISBN 978-0-387-24050-3

Full text not available from this repository. (Request a copy)

Abstract

Role-Based Access Control (RBAC) usually enables a higher level view of authorization. In this model, access permissions are assigned to roles and, in turn, roles are allocated to subjects. The usefulness of the RBAC model is well documented. It includes simplicity, consistency, scalability and ease of manageability. In practice, however, only limited versions of RBAC seem to have been successfully implemented, notably in applications such as databases and operating systems. The problem stems from the fact that most applications require a finer degree of authorization than what core RBAC models are able to provide. In theory, current RBAC models can be adapted to capture fine grained authorizations by dramatically increasing the number of distinct roles in these models. However, this solution comes at an unacceptably high cost of allocating low level privileges which eliminates the major benefits gained from having a high level RBAC model.
This paper presents a methodology for refining abstract RBAC models into new Parameterized RBAC models which provide finer grain of authorizations. The semantics of the Parameterized RBAC model is given as a state-based core RBAC model expressed in the formal specification notation Z. By systematically applying this methodology the scope of applications of RBAC is substantially extended and the major benefits of having the core model are maintained.

Item Type: Book Section
Subjects: G400 Computer Science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Cyber Security
UoA Collections > UoA11: Computer Science and Informatics
Depositing User: Oana-Andreea Dumitrascu
Date Deposited: 07 Apr 2017 11:22
Last Modified: 07 Apr 2017 11:22
URI: http://www.open-access.bcu.ac.uk/id/eprint/4234

Actions (login required)

View Item View Item

Research

In this section...