RBAC-PAT: A policy analysis tool for role based access control

Mikhail I. Gofman; Ruiqi Luo; Ayla C. Solomon; Yingbin Zhang; Ping Yang; Scott D. Stoller

doi:10.1007/978-3-642-00768-2_4

RBAC-PAT: A policy analysis tool for role based access control

Mikhail I. Gofman
, Ruiqi Luo
, Ayla C. Solomon
, Yingbin Zhang
, Ping Yang
, Scott D. Stoller

Computer Science

State University of New York Binghamton University
Wellesley College

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

40 Scopus citations

Abstract

Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Administrative Role-Based Access Control (ARBAC) specifies how an RBAC policy may be changed by each administrator. Because sequences of changes by different administrators may interact in unintended ways, it is often difficult to fully understand the effect of an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a tool for analyzing RBAC and ARBAC policies, which supports analysis of various properties including reachability, availability, containment, weakest precondition, dead roles, and information flows.

Original language	English
Title of host publication	Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.
Editors	Stefan Kowalewski, Anna Philippou
Publisher	Springer Verlag
Pages	46-49
Number of pages	4
ISBN (Print)	3642007678, 9783642007675
DOIs	https://doi.org/10.1007/978-3-642-00768-2_4
State	Published - 2009
Event	15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2009. Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009 - York, United Kingdom Duration: Mar 22 2009 → Mar 29 2009

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5505 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2009. Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Country/Territory	United Kingdom
City	York
Period	03/22/09 → 03/29/09

Access to Document

10.1007/978-3-642-00768-2_4

Cite this

Gofman, M. I., Luo, R., Solomon, A. C., Zhang, Y., Yang, P., & Stoller, S. D. (2009). RBAC-PAT: A policy analysis tool for role based access control. In S. Kowalewski, & A. Philippou (Eds.), Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc. (pp. 46-49). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5505 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-00768-2_4

Gofman, Mikhail I. ; Luo, Ruiqi ; Solomon, Ayla C. et al. / RBAC-PAT : A policy analysis tool for role based access control. Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.. editor / Stefan Kowalewski ; Anna Philippou. Springer Verlag, 2009. pp. 46-49 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ff9be5823f01487a82c3dde2053e571c,

title = "RBAC-PAT: A policy analysis tool for role based access control",

abstract = "Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Administrative Role-Based Access Control (ARBAC) specifies how an RBAC policy may be changed by each administrator. Because sequences of changes by different administrators may interact in unintended ways, it is often difficult to fully understand the effect of an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a tool for analyzing RBAC and ARBAC policies, which supports analysis of various properties including reachability, availability, containment, weakest precondition, dead roles, and information flows.",

author = "Gofman, \{Mikhail I.\} and Ruiqi Luo and Solomon, \{Ayla C.\} and Yingbin Zhang and Ping Yang and Stoller, \{Scott D.\}",

year = "2009",

doi = "10.1007/978-3-642-00768-2\_4",

language = "English",

isbn = "3642007678",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "46--49",

editor = "Stefan Kowalewski and Anna Philippou",

booktitle = "Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.",

note = "15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2009. Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009 ; Conference date: 22-03-2009 Through 29-03-2009",

}

Gofman, MI, Luo, R, Solomon, AC, Zhang, Y, Yang, P & Stoller, SD 2009, RBAC-PAT: A policy analysis tool for role based access control. in S Kowalewski & A Philippou (eds), Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5505 LNCS, Springer Verlag, pp. 46-49, 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2009. Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009, York, United Kingdom, 03/22/09. https://doi.org/10.1007/978-3-642-00768-2_4

RBAC-PAT: A policy analysis tool for role based access control. / Gofman, Mikhail I.; Luo, Ruiqi; Solomon, Ayla C. et al.
Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.. ed. / Stefan Kowalewski; Anna Philippou. Springer Verlag, 2009. p. 46-49 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5505 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RBAC-PAT

T2 - 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2009. Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009

AU - Gofman, Mikhail I.

AU - Luo, Ruiqi

AU - Solomon, Ayla C.

AU - Zhang, Yingbin

AU - Yang, Ping

AU - Stoller, Scott D.

PY - 2009

Y1 - 2009

N2 - Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Administrative Role-Based Access Control (ARBAC) specifies how an RBAC policy may be changed by each administrator. Because sequences of changes by different administrators may interact in unintended ways, it is often difficult to fully understand the effect of an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a tool for analyzing RBAC and ARBAC policies, which supports analysis of various properties including reachability, availability, containment, weakest precondition, dead roles, and information flows.

AB - Role-Based Access Control (RBAC) has been widely used for expressing access control policies. Administrative Role-Based Access Control (ARBAC) specifies how an RBAC policy may be changed by each administrator. Because sequences of changes by different administrators may interact in unintended ways, it is often difficult to fully understand the effect of an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a tool for analyzing RBAC and ARBAC policies, which supports analysis of various properties including reachability, availability, containment, weakest precondition, dead roles, and information flows.

UR - https://www.scopus.com/pages/publications/70350630726

U2 - 10.1007/978-3-642-00768-2_4

DO - 10.1007/978-3-642-00768-2_4

M3 - Conference contribution

AN - SCOPUS:70350630726

SN - 3642007678

SN - 9783642007675

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 46

EP - 49

BT - Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.

A2 - Kowalewski, Stefan

A2 - Philippou, Anna

PB - Springer Verlag

Y2 - 22 March 2009 through 29 March 2009

ER -

Gofman MI, Luo R, Solomon AC, Zhang Y, Yang P, Stoller SD. RBAC-PAT: A policy analysis tool for role based access control. In Kowalewski S, Philippou A, editors, Tools and Algorithms for the Construction and Analysis of Systems - 15th International Conference, TACAS 2009 - Part of the Joint European Conf. on Theory and Practice of Software, ETAPS 2009, Proc.. Springer Verlag. 2009. p. 46-49. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-00768-2_4

RBAC-PAT: A policy analysis tool for role based access control

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this