A distributed calculus for role-based access control

Author

Braghin, Chiara ; Gorla, Daniele ; Sassone, Vladimiro

Author_Institution

Dip. di Informatica, Univ. Ca´´ Foscari di Venezia, Venice, Italy

fYear

2004

fDate

28-30 June 2004

Firstpage

48

Lastpage

60

Abstract

Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the ´minimal´ policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.

Keywords

authorisation; calculus of communicating systems; multi-access systems; multiprocessing systems; pi calculus; bisimulation; complexity; concurrent systems; distributed calculus; formal framework; pi calculus; role-based access control; security administration; user permission; Access control; Calculus; Costs; Database systems; NIST; Permission; Runtime; Security; Standards development; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE

ISSN

1063-6900

Print_ISBN

0-7695-2169-X

Type

conf

DOI

10.1109/CSFW.2004.1310731

Filename

1310731