6th European Symposium on Research in Computer Security (ESORICS 2000)
A Formal Model for Role-Based Access Control Using Graph Transformations
Manuel Koch, Luigi V. Mancini, Francesco Parisi-Presicce
Abstract : Role-Based Access Control (RBAC) is supported directly or in a closely related form, by a number of products. This paper presents a formalization of RBAC using graph transformations which is a graphical specification technique based on a generalization to nonlinear structures of classical string grammars. This proposed formalization provides an intuitive description for the manipulation of graph structures as they occur in information systems access control, a specification of static and dynamic consistency conditions on graphs and graph transformations, a uniform treatment of user roles and administrative roles, and a detailed analysis of the decentralization of administrative roles. Moreover, the properties of a given RBAC specification can be verified by employing one of the graph transformation tools available.
Proceedings table of contents