The University of Southampton
University of Southampton Institutional Repository

A Distributed Calculus for Role-Based Access Control

A Distributed Calculus for Role-Based Access Control
A Distributed Calculus for Role-Based Access Control
Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the ‘minimal’ policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.
role-based access control, pi calculus, process calculi, type systems, bisimulations, observational equivalences.
0-7695-2169-X
48-60
Braghin, C.
98752bfd-abab-4316-9f5d-dcf85df7a7ee
Gorla, D.
50a6c562-72c9-4512-87e9-003654d30a41
Sassone, V.
df7d3c83-2aa0-4571-be94-9473b07b03e7
Braghin, C.
98752bfd-abab-4316-9f5d-dcf85df7a7ee
Gorla, D.
50a6c562-72c9-4512-87e9-003654d30a41
Sassone, V.
df7d3c83-2aa0-4571-be94-9473b07b03e7

Braghin, C., Gorla, D. and Sassone, V. (2004) A Distributed Calculus for Role-Based Access Control. 17th IEEE Computer Security Foundations Workshop, CSFW'04.. pp. 48-60 .

Record type: Conference or Workshop Item (Paper)

Abstract

Role-based access control (RBAC) is increasingly attracting attention because it reduces the complexity and cost of security administration by interposing the notion of role in the assignment of permissions to users. In this paper, we present a formal framework relying on an extension of the π calculus to study the behavior of concurrent systems in a RBAC scenario. We define a type system ensuring that the specified policy is respected during computations, and a bisimulation to equate systems. The theory is then applied to three meaningful examples, namely finding the ‘minimal’ policy to run a given system, refining a system to be run under a given policy (whenever possible), and minimizing the number of users in a given system without changing the overall behavior.

Text
rbacCSFWoff.pdf - Other
Download (389kB)

More information

Published date: 2004
Venue - Dates: 17th IEEE Computer Security Foundations Workshop, CSFW'04., 2004-01-01
Keywords: role-based access control, pi calculus, process calculi, type systems, bisimulations, observational equivalences.
Organisations: Web & Internet Science

Identifiers

Local EPrints ID: 262299
URI: http://eprints.soton.ac.uk/id/eprint/262299
ISBN: 0-7695-2169-X
PURE UUID: e4d6ca89-ebc2-4eec-ae07-e0a2351c839c

Catalogue record

Date deposited: 11 Apr 2006
Last modified: 14 Mar 2024 07:09

Export record

Contributors

Author: C. Braghin
Author: D. Gorla
Author: V. Sassone

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×