Resiliency Analysis of Role-Based Access Control via Constraint Enforcement and Mathematical Programming

Bibliographic details
Published in: IEEE transactions on systems, man, and cybernetics. Systems, Volume 54; Issue 7; pp. 4089 - 4100
Main authors: Yang, Benyuan, Hu, Hesuan
Format: Journal Article
Language: English
Publication details: New York IEEE 01.07.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN:2168-2216, 2168-2232
Description
Summary: Given a role-based access control (RBAC), resiliency checking problem (RCP) aims at determining whether every permission is executed by a user and all authorization constraints are satisfied when some users become absent. Although the problem is computationally hard, desirable solutions are still expected so as to guarantee the continuity of access control. In this article, we solve RCP for RBAC based on constraint enforcement and mathematical programming. We use Petri nets (PNs) to formalize RBAC. It is shown that each separation of duty constraint imposed on a PN modeling of RBAC can be enforced by a maximally permissive PN-based control structure. After implementing such control structure on the PN modeling of RBAC, we can obtain an admissible RBAC. We show that RCP of RBAC can be transformed into another problem, which determines whether each permission can be executed by a user in the admissible RBAC against the absence of some users. An integer linear programming-based approach is presented to accomplish such verification. The comparison between our approach and the existing one is given to illustrate the effectiveness and efficiency of ours.
DOI:10.1109/TSMC.2024.3373567