Using π-Calculus to Formalize Domain Administration of RBAC
With the wide implementation of role-based access control (RBAC) models in information systems, access control for RBAC itself, that is, the administration of RBAC, becomes more and more important. In this paper, we propose a Domain Administration of RBAC model, DARBAC, which defines an administrative domain for each administrative role. An administrative role can execute administrative operations on the users, roles, objects and child administrative roles within its administrative domain. We then use π-calculus to formalize the elements of the DARBAC model and their interactions. Although π-calculus has been successfully used in many security areas such as protocol analysis and information flow analysis, to our knowledge our approach is the first attempt to use π-calculus to formalize RBAC and its administrative model.
Keywords: Role Process, Access Port, Access Control Model, Administrative Domain, Operation Port