• DocumentCode
    2359528
  • Title

    Detecting conflicts in a role-based delegation model

  • Author

    Schaad, Andreas

  • Author_Institution
    Dept. of Comput. Sci., York Univ., UK
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    117
  • Lastpage
    126
  • Abstract
    The RBAC96 access control model has been the basis for extensive work on role-based constraint specification and role-based delegation. However, these practical extensions can also lead to conflicts at compile time and run time. We demonstrate, following a role-based, declarative approach, how conflicts between specified separation of duty constraints and delegation activities can be detected. This approach also demonstrates the general suitability of Prolog as an executable specification language for the simulation and analysis of role-based systems. Using an extended definition of a role, we show how at least one of the conflicts can be resolved and discuss the impacts of this extension on the specified constraints.
  • Keywords
    PROLOG; authorisation; constraint handling; specification languages; Prolog; RBAC96; access control model; declarative approach; executable specification language; role-based constraint specification; role-based delegation; separation of duty; simulation; systems analysis; Access control; Analytical models; Computer science; NIST; Permission; Role transfer; Runtime; Specification languages;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2001.991528
  • Filename
    991528