The University of Southampton
University of Southampton Institutional Repository

Role-based access control for a distributed calculus

Role-based access control for a distributed calculus
Role-based access control for a distributed calculus
Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the $\pi$-calculus to study the behaviour of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a behavioural equivalence to equate systems. We then consider a more sophisticated feature that can be easily integrated in our framework, i.e., the possibility of automatically adding role activations and deactivations to processes to be run under a given policy (whenever possible). Finally, we show how the framework can be easily extended to express significant extensions of the core RBAC model, such as roles hierarchies or constraints determining the acceptability of the system components.
role-based access control, security, language-based security distributed calculi, semantics of distributed systems
133-155
Braghin, C.
98752bfd-abab-4316-9f5d-dcf85df7a7ee
Gorla, D.
50a6c562-72c9-4512-87e9-003654d30a41
Sassone, V.
df7d3c83-2aa0-4571-be94-9473b07b03e7
Braghin, C., Gorla, D. and Sassone, V. (2006) Role-based access control for a distributed calculus Journal of Computer Security, 14, (2), pp. 133-155.

Braghin, C., Gorla, D. and Sassone, V. (2006) Role-based access control for a distributed calculus Journal of Computer Security, 14, (2), pp. 133-155.

Record type: Article

Abstract

Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the $\pi$-calculus to study the behaviour of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a behavioural equivalence to equate systems. We then consider a more sophisticated feature that can be easily integrated in our framework, i.e., the possibility of automatically adding role activations and deactivations to processes to be run under a given policy (whenever possible). Finally, we show how the framework can be easily extended to express significant extensions of the core RBAC model, such as roles hierarchies or constraints determining the acceptability of the system components.

PDF bgs-jcs05.pdf - Other
Download (297kB)

More information

Published date: 2006
Additional Information: To appear
Keywords: role-based access control, security, language-based security distributed calculi, semantics of distributed systems
Organisations: Web & Internet Science

Identifiers

Local EPrints ID: 261848
URI: http://eprints.soton.ac.uk/id/eprint/261848
PURE UUID: 296e7ee8-ab56-43fd-a3e3-521dd5db00c4

Catalogue record

Date deposited: 27 Jan 2006
Last modified: 18 Jul 2017 08:58

Export record

Contributors

Author: C. Braghin
Author: D. Gorla
Author: V. Sassone

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×