Affiliation:
1. Univ. of North Carolina at Charlotte, NC
2. George Mason Univ., Faifax, VA
Abstract
Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of contraints in RBAC has been recogni zed for a long time, they have not recieved much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named
RCL 2000
including its basic elements, syntax, and semantics. We give soundness and completeness proofs for
RCL 2000
relative to a restricted form of first-order predicate logic. Also, we show how previously identified role-based authorization constraints such as separtation of duty (SOD) can be expressed in our language. Moreover, we show there are other significant SOD properties that have not been previously identified in the literature. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of role-based authorization constraints.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Cited by
203 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献