RBAC-PAT: A Policy Analysis Tool for Role Based Access Control

  • Mikhail I. Gofman
  • Ruiqi Luo
  • Ayla C. Solomon
  • Yingbin Zhang
  • Ping Yang
  • Scott D. Stoller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5505)

Abstract

Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Administrative Role-Based Access Control (ARBAC) specifies how an RBAC policy may be changed by each administrator. Because sequences of changes by different administrators may interact in unintended ways, it is often difficult to fully understand the effect of an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a tool for analyzing RBAC and ARBAC policies, which supports analysis of various properties including reachability, availability, containment, weakest precondition, dead roles, and information flows.
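
To make the abstract's point about interacting administrative changes concrete, here is an added example (not code from the paper or from RBAC-PAT): a brute-force reachability check over a constructed toy policy. The ARBAC97-style rule layout, the role names and the function `reachable` are all assumptions made for illustration, and the active administrative roles are assumed fixed during the search.

```python
from collections import deque

# Constructed toy policy; this rule layout is an assumption for illustration
# and is not RBAC-PAT's input format.
# can_assign: (admin_role, required_roles, forbidden_roles, target_role)
CAN_ASSIGN = [
    ("HRManager", frozenset(), frozenset(), "Employee"),
    ("HRManager", frozenset({"Employee"}), frozenset({"Auditor"}), "Clerk"),
    ("FinManager", frozenset({"Clerk"}), frozenset(), "Approver"),
    ("SecOfficer", frozenset({"Employee"}), frozenset({"Clerk"}), "Auditor"),
]
# can_revoke: (admin_role, target_role)
CAN_REVOKE = [("HRManager", "Clerk")]


def reachable(goal, start=frozenset(), admins=frozenset()):
    """Breadth-first search over the role sets one user can be moved through.

    Returns the shortest list of (action, admin_role, role) steps after which
    the user holds every role in `goal`, or None if no such sequence exists.
    """
    goal, start = frozenset(goal), frozenset(start)
    parent = {start: None}          # state -> (previous state, step taken)
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if goal <= state:           # goal reached: rebuild the step sequence
            path = []
            while parent[state] is not None:
                state, step = parent[state]
                path.append(step)
            return path[::-1]
        moves = []
        for admin, pos, neg, target in CAN_ASSIGN:
            if (admin in admins and target not in state
                    and pos <= state and not (neg & state)):
                moves.append((state | {target}, ("assign", admin, target)))
        for admin, target in CAN_REVOKE:
            if admin in admins and target in state:
                moves.append((state - {target}, ("revoke", admin, target)))
        for nxt, step in moves:
            if nxt not in parent:
                parent[nxt] = (state, step)
                queue.append(nxt)
    return None
```

In this toy policy the negative preconditions keep Clerk and Auditor mutually exclusive, yet Approver together with Auditor is reachable once HRManager revokes Clerk. That is the kind of cross-administrator interaction that is hard to see by inspecting the rules one at a time.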

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mikhail I. Gofman (1)
  • Ruiqi Luo (1)
  • Ayla C. Solomon (2)
  • Yingbin Zhang (1)
  • Ping Yang (1)
  • Scott D. Stoller (3)

  1. Dept. of Computer Science, Binghamton University, USA
  2. Dept. of Computer Science, Wellesley College, Wellesley, USA
  3. Dept. of Computer Science, Stony Brook University, Stony Brook, USA