DocumentCode
3211797
Title
Formal authorization allocation approaches for role-based access control based on relational algebra operations
Author
Wang, Hua ; Cao, Jinli ; Zhang, Yanchun
Author_Institution
Dept. of Maths & Comput., Univ. of Southern Queensland, Toowoomba, Qld., Australia
fYear
2002
fDate
12-14 Dec. 2002
Firstpage
301
Lastpage
310
Abstract
We develop formal authorization allocation algorithms for role-based access control (RBAC). The formal approaches are based on relational structure, and relational algebra and operations. The process of user-role assignments is an important issue in RBAC because it may modify the authorization level or imply high-level confidential information to be derived while users change positions and request different roles. There are two types of problems which may arise in user-role assignment. One is related to the authorization granting process. When a role is granted to a user this role may conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. Another is related to authorization revocation. When a role is revoked from a user, the user may still have the role from other roles. To solve these problems, this paper presents an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms can be used to check conflicts and therefore to help allocate roles without compromising the security in RBAC. We describe how to use the new algorithms with an anonymity scalable payment scheme. Finally, comparisons with other related work are discussed.
Keywords
authorisation; electronic money; relational algebra; relational databases; anonymity scalable payment scheme; authorization granting process; authorization revocation; conflict checking; formal authorization allocation algorithms; high-level confidential information; relational algebra operations; relational structure; role-based access control; security; strong revocation algorithms; user-role assignments; weak revocation algorithms; Access control; Algebra; Authorization; Data security; Database systems; Humans; NIST; National security; Operating systems; Permission;
fLanguage
English
Publisher
ieee
Conference_Titel
Web Information Systems Engineering, 2002. WISE 2002. Proceedings of the Third International Conference on
Print_ISBN
0-7695-1766-8
Type
conf
DOI
10.1109/WISE.2002.1181666
Filename
1181666
Link To Document