Learn More
We propose the role-and-relation-based access control (R<sup>2</sup>BAC) model for workflow authorization systems. In R<sup>2</sup>BAC, in addition to a user&#8217;s role memberships, the user&#8217;s relationships with other users help determine whether the user is allowed to perform a certain step in a workflow. For example, a constraint may require that(More)
Databases are increasingly being used to store information covered by heterogeneous policies, which require support for access control with great flexibility. This has led to increasing interest in using fine-grained access control, where different cells in a relation may be governed by different access control rules. Although several proposals have been(More)
With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. Researchers have proposed to use data mining techniques to discover roles to complement the costly(More)
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs). Existing access control policy languages, however, do not provide a formal language for specifying PCAs.(More)
We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any <i>s</i> users, there should still exist <i>d</i> disjoint sets of users such that the users in each set together(More)
— Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of Role-Based Access Control. We show(More)
A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least <i>k</i> users. It states a high-level requirement about the task without the need to refer to individual steps in the task. While(More)