DocumentCode :
2359528
Title :
Detecting conflicts in a role-based delegation model
Author :
Schaad, Andreas
Author_Institution :
Dept. of Comput. Sci., York Univ., UK
fYear :
2001
fDate :
10-14 Dec. 2001
Firstpage :
117
Lastpage :
126
Abstract :
The RBAC96 access control model has been the basis for extensive work on role-based constraint specification and role-based delegation. However these practical extensions can also lead to conflicts at compile and run-time. We demonstrate, following a role-based, declarative approach, how conflicts between specified separation of duty constraints and delegation activities can be detected. This approach also demonstrates the general suitability of Prolog as an executable specification language for the simulation and analysis of role-based systems. Using an extended definition of a role we show how at least one of the conflicts can be resolved and discuss the impacts of this extension on the specified constraints.
Keywords :
PROLOG; authorisation; constraint handling; specification languages; Prolog; RBAC96; access control model; declarative approach; executable specification language; role-based constraint specification; role-based delegation; separation of duty; simulation; systems analysis; Access control; Analytical models; Computer science; NIST; Permission; Role transfer; Runtime; Specification languages;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
Type :
conf
DOI :
10.1109/ACSAC.2001.991528
Filename :
991528
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2359528
بازگشت