A Logical Approach to Dynamic Role-Based Access Control

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5253)


Since its formalization RBAC has become the yardstick for the evaluation of access control formalisms. In order to meet organizational needs, it has been extended along several directions: delegation, separation of duty, history-based access control, etc. We propose in this paper an access control language in which RBAC and all the above-listed extensions can be encoded. In contrast with Cassandra, we have not promoted role management mechanism to first-class citizenship, and have based our model on the assumption that access control systems could be separated into a dynamic part that evolves according to actions performed by users and a static part. We solve in this paper decision problems related to access control for policies expressed in this language.


Access control language RBAC privacy policy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Logic in access control. In: 18th IEEE Symposium on logic in Computer Science (LICS 2003), pp. 228–233. IEEE Computer Society, Los Alamitos (2003)CrossRefGoogle Scholar
  2. 2.
    Becker, M., Sewell, P.: Cassandra: distributed access control policies with tunable expressiveness. In: 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), pp. 159–168. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  3. 3.
    Becker, M., Sewell, P.: Cassandra: flexible trust management, applied to electronic health records. In: Proceedings of the 17th IEEE Computer Science Foundations Workshop (CSFW 2004), pp. 139–154. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  4. 4.
    Bell, D., LaPadula, L.: Secure Computer Systems: Mathematical Foundations. MITRE Corporation (1973)Google Scholar
  5. 5.
    Bonner, A.J., Kifer, M.: An overview of transaction logic. Theoretical Computer Science 133(2), 205–265 (1994)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Ferraiolo, D., Kuhn, D.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  7. 7.
    Garey, M., Johnson, D.: Computers and Intractability. A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)Google Scholar
  8. 8.
    Harrison, M., Ruzzo, W., Ullman, J.: On protection in operating systems. Communications of the ACM 19, 461–471 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Li, N., Mitchell, J., Winsborough, W.: Design of a role-based trust-management framework. In: Symposium on Security and Privacy, pp. 114–130. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  10. 10.
    Papadimitriou, C.: Computational Complexity. Addison-Wesley, Reading (1994)zbMATHGoogle Scholar
  11. 11.
    Zhang, X., Oh, S., Sandhu, R.: PDBM: A flexible delegation model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 149–157. ACM, New York (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  1. 1.Institut de recherche en informatique de ToulouseToulouse UniversityFrance

Personalised recommendations