Automated analysis of RBAC policies with temporal constraints and static role hierarchies / Ranise, S.; Truong, A.; Vigano, L. - 13-17-:(2015), pp. 2177-2184. (Paper presented at the 30th Annual ACM Symposium on Applied Computing, SAC 2015, held in esp in 2015) [10.1145/2695664.2695787].
Automated analysis of RBAC policies with temporal constraints and static role hierarchies
Ranise S.;
2015-01-01
Abstract
Temporal role-based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies, among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems (they map security analysis problems in the presence of static temporal role hierarchies to problems without them) and we show how they can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in the presence of temporal role hierarchies. An experimental evaluation with a prototype implementation shows the better behavior of one of the proposed mappings over the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies. Copyright is held by the owner/author(s).