Decidability of Safety in Graph-Based Models for Access Control

  • Manuel Koch
  • Luigi V. Mancini
  • Francesco Parisi-Presicce
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2502)


Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.


Access Control Graph Transformation Access Control Policy Access Control Model User Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AS00]
    G. Ahn and R. Sandhu. Role-based Authorization Constraint Specification. A CM Trans. of Info. and System Security, 3(4), 2000.Google Scholar
  2. [CRPP91]
    A. Corradini, F. Rossi, and F. Parisi-Presicce. Logic programming as hypergraph rewriting. In Proc. of CAAP91, volume 493 of LNCS, pages 275–295. Springer, 1991.Google Scholar
  3. [EEKR99]
    H. Ehrig, G. Engels, H.-J. Kreowski, and G. Rozenberg, editors. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. II: Applications, Languages, and Tools. World Scientific, 1999.Google Scholar
  4. [HRU76]
    M. A. Harrison, M. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461–471, 1976.zbMATHCrossRefMathSciNetGoogle Scholar
  5. [JT01]
    Trent Jaeger and Jonathan E. Tidswell. Practical safety in flexible access control models. ACM Trans. of Info. and System Security, 4(2), 2001.Google Scholar
  6. [KMPP00]
    M. Koch, L.V. Mancini, and F. Parisi-Presicce. A Formal Model for Role-Based Access Control using Graph Transformation. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, Proc. of the 6th European Symposium on Research in Computer Security (ESORICS 2000), number 1895 in Lect. Notes in Comp. Sci., pages 122–139. Springer, 2000.Google Scholar
  7. [KMPP01a]
    M. Koch, L.V. Mancini, and F. Parisi-Presicce. On the Specification and Evolution of Access Control Policies. In S. Osborne, editor, Proc. 6th ACM Symp. on Access Control Models and Technologies, pages 121–130. ACM, May 2001.Google Scholar
  8. [KMPP01b]
    M. Koch, L.V. Mancini, and F. Parisi-Presicce. Foundations for a graph-based approach to the Specification of Access Control Policies. In F. Honsell and M. Miculan, editors, Proc. of Foundations of Software Science and Computation Structures (FoSSaCS 2001), Lect. Notes in Comp. Sci. Springer, March 2001.Google Scholar
  9. [LS78]
    R. J. Lipton and L. Snyder. On synchronization and security. In Demillo et al., editor, Foundations of Secure Computation. Academic Press, 1978.Google Scholar
  10. [NO99]
    M. Nyanchama and S. L. Osborne. The Role Graph Model and Conflict of Interest. A CM Trans. of Info. and System Security, 1(2):3–33, 1999.CrossRefGoogle Scholar
  11. [Roz97]
    G. Rozenberg, editor. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. I: Foundations. World Scientific, 1997.Google Scholar
  12. [Sny77]
    L. Snyder. On the Synthesis and Analysis of Protection Systems. In Proc. of 6th Symposium on Operating System Principles, volume 11 of Operating System Review, pages 141–150. ACM, 1977.Google Scholar
  13. [SS92]
    Ravi S. Sandhu and Gurpreet S. Suri. Non-Monotonic Transformation of Access Rights. In Proc. IEEE Symposium on Research and Privacy, pages 148–161, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Manuel Koch
    • 1
  • Luigi V. Mancini
    • 2
  • Francesco Parisi-Presicce
    • 2
    • 3
  1. 1.Freie Universität BerlinBerlinDE
  2. 2.Univ. di Roma La SapienzaRomeIT
  3. 3.George Mason UniversityFairfaxUSA

Personalised recommendations