Bibliographic References
Citation (ASCII text):
Karsten Sohr, Michael Drouineaud, Gail-Joon Ahn, Martin Gogolla, "Analyzing and Managing Role-Based Access Control Policies," IEEE Transactions on Knowledge and Data Engineering, vol. 20, no. 7, pp. 924-939, July 2008.

BibTeX:
@article{10.1109/TKDE.2008.28,
  author    = {Karsten Sohr and Michael Drouineaud and Gail-Joon Ahn and Martin Gogolla},
  title     = {Analyzing and Managing Role-Based Access Control Policies},
  journal   = {IEEE Transactions on Knowledge and Data Engineering},
  volume    = {20},
  number    = {7},
  issn      = {1041-4347},
  year      = {2008},
  pages     = {924-939},
  doi       = {http://doi.ieeecomputersociety.org/10.1109/TKDE.2008.28},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
}

RefWorks / Procite / RefMan / EndNote (RIS):
TY  - JOUR
JO  - IEEE Transactions on Knowledge and Data Engineering
TI  - Analyzing and Managing Role-Based Access Control Policies
IS  - 7
SN  - 1041-4347
SP  - 924
EP  - 939
EPD - 924-939
A1  - Karsten Sohr
A1  - Michael Drouineaud
A1  - Gail-Joon Ahn
A1  - Martin Gogolla
PY  - 2008
KW  - Access controls
KW  - Protection mechanisms
VL  - 20
JA  - IEEE Transactions on Knowledge and Data Engineering
ER  -
[1] KPMG, Fraud Survey Reports 1996-2002. KPMG Int'l Canada, 2006.
[2] EU, Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Directive 95/46/EC, http://www.privacy.org/pi/intl_orgs/eceudp.html, 1995.
[3] M.J. Nash and K.R. Poland, “Some Conundrums Concerning Separation of Duty,” Proc. IEEE Symp. Research in Security and Privacy, pp. 201-207, 1990.
[4] D.D. Clark and D.R. Wilson, “A Comparison of Commercial and Military Computer Security Policies,” Proc. IEEE Symp. Security and Privacy (SSP '87), pp. 184-194, 1987.
[5] R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, “Role-Based Access Control Models,” Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[6] G.-J. Ahn, “The RCL 2000 Language for Specifying Role-Based Authorization Constraints,” PhD dissertation, George Mason Univ., 1999.
[7] Role Based Access Control, Am. Nat'l Standards Inst. Incorporated, ANSI-INCITS 359-2004, 2004.
[8] T. Jaeger and J. Tidswell, “Practical Safety in Flexible Access Control Models,” ACM Trans. Information and System Security, vol. 4, no. 2, pp. 158-190, May 2001.
[9] T. Nipkow, L. Paulson, and M. Wenzel, Isabelle/HOL—A Proof Assistant for Higher-Order Logic. Springer, 2002.
[10] M. Richters, “A Precise Approach to Validating UML Models and OCL Constraints,” PhD dissertation, BISS Monographs No. 14, Fachbereich Math. und Informatik, Universität Bremen, 2002.
[11] R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2001.
[12] R. Goldblatt, Logics of Time and Computation, second ed., revised and expanded (first ed. 1987), CSLI Lecture Notes, vol. 7, CSLI, Stanford Univ., distributed by Univ. of Chicago Press, 1992.
[13] V.D. Gligor, S.I. Gavrila, and D. Ferraiolo, “On the Formal Definition of Separation-of-Duty Policies and Their Composition,” Proc. IEEE Symp. Security and Privacy (SSP '98), pp. 172-185, May 1998.
[14] Z. Manna and A. Pnueli, The Temporal Logic of Reactive and Concurrent Systems, Specification. Springer, 1992.
[15] J. Warmer and A. Kleppe, The Object Constraint Language: Getting Your Models Ready for MDA. Addison-Wesley, 2003.
[16] G.-J. Ahn and M. Shin, “Role-Based Authorization Constraints Specification Using Object Constraint Language,” Proc. 10th IEEE Int'l Workshops Enabling Technologies: Infrastructure for Collaborative Enterprise (WET ICE '01), pp. 157-162, 2001.
[17] I. Ray, N. Li, R. France, and D.-K. Kim, “Using UML to Visualize Role-Based Access Control Constraints,” Proc. Ninth ACM Symp. Access Control Models and Technologies (SACMAT '04), pp. 115-124, 2004.
[18] R. Simon and M. Zurko, “Separation of Duty in Role-Based Environments,” Proc. 10th IEEE Computer Security Foundations Workshop (CSFW '97), pp. 183-194, June 1997.
[19] K. Sohr, M. Drouineaud, and G.-J. Ahn, “Formal Specification of Role-based Security Policies for Clinical Information Systems,” Proc. 20th ACM Symp. Applied Computing (SAC), 2005.
[20] V. Atluri and J. Warner, “Supporting Conditional Delegation in Secure Workflow Management Systems,” Proc. 10th ACM Symp. Access Control Models and Technologies (SACMAT '05), E. Ferrari and G.-J. Ahn, eds., pp. 49-58, 2005.
[21] J. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “A Generalized Temporal Role-Based Access Control Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005.
[22] E. Bertino, E. Ferrari, and V. Atluri, “The Specification and Enforcement of Authorization Constraints in Workflow Management Systems,” ACM Trans. Information and System Security, vol. 2, no. 1, pp. 65-104, 1999.
[23] T. Mossakowski, M. Drouineaud, and K. Sohr, “A Temporal-Logic Extension of Role-Based Access Control Covering Dynamic Separation of Duties,” Proc. 10th Int'l Symp. Temporal Representation and Reasoning/Fourth Int'l Conf. Temporal Logic (TIME-ICTL '03), July 2003.
[24] R. Sandhu, “Transaction Control Expressions for Separation of Duties,” Proc. Fourth Aerospace Computer Security Applications Conf., pp. 282-286, 1988.
[25] A. Schaad, V. Lotz, and K. Sohr, “A Model-Checking Approach to Analysing Organisational Controls in a Loan Origination Process,” Proc. 11th ACM Symp. Access Control Models and Technologies (SACMAT '06), June 2006.
[26] E. Barka and R. Sandhu, “A Role-Based Delegation Model and Some Extensions,” Proc. 16th Ann. Computer Security Application Conf., pp. 125-134, Dec. 2000.
[27] H.M. Gladney, “Access Control for Large Collections,” ACM Trans. Information Systems, vol. 15, no. 2, pp. 154-194, 1997.
[28] V. Atluri and J. Warner, “Supporting Conditional Delegation in Secure Workflow Management Systems,” Proc. 10th ACM Symp. Access Control Models and Technologies (SACMAT '05), pp. 49-58, June 2005.
[29] J. Joshi and E. Bertino, “Fine-Grained Role-Based Delegation in Presence of the Hybrid Role Hierarchy,” Proc. 11th ACM Symp. Access Control Models and Technologies, pp. 81-90, June 2006.
[30] L. Zhang, G.-J. Ahn, and B.-T. Chu, “A Rule-Based Framework for Role-Based Delegation and Revocation,” ACM Trans. Information and System Security, vol. 6, no. 3, pp. 404-441, Aug. 2003.
[31] A. Hagström, S. Jajodia, F. Parisi-Presicce, and D. Wijesekera, “Revocations—A Classification,” Proc. 14th IEEE Computer Security Foundations Workshop (CSFW '01), pp. 44-58, June 2001.
[32] K. Sohr and M. Drouineaud, “Isabelle Theories,” http://www.sis.uncc.edu/liisp/rbacIsabelle.zip, 2005.
[33] A. Turing, “On Computable Numbers, with an Application to the Entscheidungsproblem,” Proc. London Math. Soc. (2), vol. 42, pp. 230-265, www.abelard.orgturpap2, 1936.
[34] M. Drouineaud, M. Bortin, P. Torrini, and K. Sohr, “A First Step towards Formal Verification of Security Policy Properties for RBAC,” Proc. Fourth Int'l Conf. Quality Software (QSIC '04), pp. 60-67, 2004.
[35] E. Clarke, O. Grumberg, and A. Peled, Model Checking. MIT Press, 1999.
[36] J. Rumbaugh, I. Jacobson, and G. Booch, The Unified Modeling Language Reference Manual, second ed., Object Technology Series, Addison Wesley Longman, 2004.
[37] K. Sohr, G.-J. Ahn, M. Gogolla, and L. Migge, “Specification and Validation of Authorisation Constraints with UML and OCL,” Proc. 10th European Symp. Research in Computer Security (ESORICS), 2005.
[38] M. Gogolla, J. Bohling, and M. Richters, “Validation of UML and OCL Models by Automatic Snapshot Generation,” Proc. Sixth Int'l Conf. Unified Modeling Language (UML '03), pp. 265-279, 2003.
[39] K. Sohr, G.-J. Ahn, and L. Migge, “Articulating and Enforcing Authorisation Policies with UML and OCL,” Proc. ACM ICSE Workshop Software Eng. for Secure Systems (SESS '05), May 2005.
[40] OASIS, eXtensible Access Control Markup Language (XACML) Version 2.0, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf, 2005.
[41] P. Ziemann and M. Gogolla, “An OCL Extension for Formulating Temporal Constraints,” Research Report 1/03, Universität Bremen, 2003.
[42] M. Gogolla and M. Richters, “Transformation Rules for UML Class Diagrams,” Proc. First Int'l Workshop Unified Modeling Language (UML '98), pp. 92-106, 1999.
[43] B. Shafiq, A. Masood, J. Joshi, and A. Ghafoor, “A Role-Based Access Control Policy Verification Framework for Real-Time Systems,” Proc. 10th IEEE Int'l Workshop Object-Oriented Real-Time Dependable Systems (WORDS '05), pp. 13-20, 2005.
[44] M. Koch, L. Mancini, and F. Parisi-Presicce, “Graph-Based Specification of Access Control Policies,” J. Computer and System Sciences, vol. 71, no. 3, pp. 1-33, 2005.
[45] J. Crampton, “Specifying and Enforcing Constraints in Role-Based Access Control,” Proc. Eighth ACM Symp. Access Control Models and Technologies (SACMAT '03), pp. 43-50, June 2003.
[46] J. Wainer and A. Kumar, “A Fine-Grained, Controllable, User-to-User Delegation Method in RBAC,” Proc. 10th ACM Symp. Access Control Models and Technologies (SACMAT '05), pp. 59-66, June 2005.

