Skip Navigation



The Computer Journal Advance Access published online on April 3, 2008
The Computer Journal, doi:10.1093/comjnl/bxn016
This Article
Right arrow Full Text
Right arrow Full Text (PDF)
Right arrow Alert me when this article is cited
Right arrow Alert me if a correction is posted
Services
Right arrow Email this article to a friend
Right arrow Similar articles in this journal
Right arrow Alert me to new issues of the journal
Right arrow Add to My Personal Archive
Right arrow Download to citation manager
Right arrowRequest Permissions
Google Scholar
Right arrow Articles by Power, D.
Right arrow Articles by Simpson, A.
Social Bookmarking
Add to CiteULike   Add to Connotea   Add to Del.icio.us  
What's this?

© The Author 2008. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org

On Formalizing and Normalizing Role-Based Access Control Systems

David Power*, Mark Slaymaker and Andrew Simpson

Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford OX1 3QD, UK

* Corresponding author: David.Power{at}comlab.ox.ac.uk

Received 3 October 2006; revised 7 February 2008

Role-based access control (RBAC) has emerged as the dominant access control paradigm for service-oriented systems, with this dominance being reflected by the popularity of RBAC both with the research community and with information technology vendors. RBAC's dominance was solidified in 2004 when an American National Standards Institute standard for RBAC was approved. In this paper, we consider some of the drawbacks of this standard and show how the formal description technique, Z, has been used to underpin a model of RBAC. The model builds on the work of Li et al. and adopts a modular approach. In particular, we consider the relationships between different types of inheritance within our model. We show our model can be used to define a notion of equivalence between different RBAC systems. Finally, we show how—via our model—a particular RBAC system can be normalized to produce a simpler—but semantically equivalent—representation. We illustrate this process via two examples.

Key Words: D.2.4 software/program verification—formal methods • D.4.6 security and protection—access control • role-based access controls • Z specification language


Add to CiteULike CiteULike   Add to Connotea Connotea   Add to Del.icio.us Del.icio.us    What's this?




Disclaimer:
Please note that abstracts for content published before 1996 were created through digital scanning and may therefore not exactly replicate the text of the original print issues. All efforts have been made to ensure accuracy, but the Publisher will not be held responsible for any remaining inaccuracies. If you require any further clarification, please contact our Customer Services Department.