The University of Southampton
University of Southampton Institutional Repository

Policy analysis for self-administrated role-based access control

Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2013) Policy analysis for self-administrated role-based access control At TACAS 2013: 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Italy. 16 - 24 Mar 2013. 15 pp.

Record type: Conference or Workshop Item (Paper)


Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies.

PDF ARBACpruning (2).pdf - Other
Download (216kB)

More information

Published date: 16 March 2013
Venue - Dates: TACAS 2013: 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Italy, 2013-03-16 - 2013-03-24
Organisations: Electronic & Software Systems


Local EPrints ID: 344391
PURE UUID: ad207299-9e6d-463c-ab2c-82c5cc86e843

Catalogue record

Date deposited: 21 Jan 2013 15:02
Last modified: 18 Jul 2017 05:16

Export record


Author: Anna Lisa Ferrara
Author: P. Madhusudan
Author: Gennaro Parlato

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton:

ePrints Soton supports OAI 2.0 with a base URL of

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.