Formal foundations for hybrid hierarchies in GTRBAC

Formal foundations for hybrid hierarchies in GTRBAC,10.1145/1284680.1284682,ACM Transactions on Information and System Security,James B. D. Joshi,Elis

Formal foundations for hybrid hierarchies in GTRBAC   (Citations: 10)
of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools.
Journal: ACM Transactions on Information and System Security - TISSEC, vol. 10, no. 4, pp. 1-39, 2008
    • ...Joshi, Bertino, Ghafoor, & Zhang (2008) also introduced the notion of a uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy...

    Dimitrios Baltatzis et al. A Role Engineering Framework to Support Dynamic Authorizations in Coll...

    • ...To preclude such risks, PuRBAC HH extends PuRBAC H with the notion of hybrid hierarchies [9] for roles and purposes...

    Amirreza Masoumzadeh et al. PuRBAC: Purpose-Aware Role-Based Access Control

    • ...Joshi et al. have defined the Uniquely Activable Set (UAS) to support such user-activation decisions [7]...
    • ...Joshi et al. have proposed a recursive algorithm to calculate the complete UAS based on the hybrid role hierarchy [7]...
    • ...The interested reader is referred to [7] for more details...
    • ...2 This assumption is used by UAS-CAL in [7]...
    • ...Joshi et al. have defined the notion of UAS to capture the set of roles that can be activated in one session [7], as follows:...

    Yue Zhang et al. Temporal UAS: Supporting Efficient RBAC Authorization in Presence of t...

    • ...The UAS can be defined as an extension of the definition in [6]:...

    Zhuo Tang et al. A Request-Driven Role Mapping for Secure Interoperation in Multi-Domai...

    • ...Chandran et al. have presented two approaches for computing the UAS of a hierarchy [3]: the decomposition based (DB) approach that constructs the UAS by computing UASs of the sub-hierarchies, and the derived relations based (DRB) approach that uses a set of implication rules, introduced in [13], to derive hierarchical relations between every pair of roles in the hierarchy and then compute the UAS from them [3]...
    • ...Formally, the UAS can be defined as follows [13]...
    • ...In [13], it has been proved that a hybrid hierarchy can be split into an I-hierarchy and an A-hierarchy because of the fact that an IA relation represents the presence of both the A and I relations...
    • ...In such a case, the derived relation is the combination of the two relations derived through each path [13]...
    • ...The DRB approach, on the other hand, uses a set of implication rules (we refer to [13] for the details) to derive hierarchical relations between every pair of roles in the hierarchy and then compute the UAS from them...

    Siqing Du et al. Supporting authorization query and inter-domain role mapping in presen...
