Resiliency Analysis of Role-Based Access Control via Constraint Enforcement and Mathematical Programming

Bibliographic Details
Published in: IEEE transactions on systems, man, and cybernetics. Systems Vol. 54; no. 7; pp. 4089-4100
Main Authors: Yang, Benyuan, Hu, Hesuan
Format: Journal Article
Language: English
Published: New York IEEE 01.07.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN: 2168-2216, 2168-2232
Description
Summary: Given a role-based access control (RBAC), the resiliency checking problem (RCP) aims at determining whether every permission is executed by a user and all authorization constraints are satisfied when some users become absent. Although the problem is computationally hard, desirable solutions are still expected so as to guarantee the continuity of access control. In this article, we solve RCP for RBAC based on constraint enforcement and mathematical programming. We use Petri nets (PNs) to formalize RBAC. It is shown that each separation of duty constraint imposed on a PN modeling of RBAC can be enforced by a maximally permissive PN-based control structure. After implementing such a control structure on the PN modeling of RBAC, we can obtain an admissible RBAC. We show that RCP of RBAC can be transformed into another problem, which determines whether each permission can be executed by a user in the admissible RBAC against the absence of some users. An integer linear programming-based approach is presented to accomplish such verification. The comparison between our approach and the existing one is given to illustrate the effectiveness and efficiency of ours.
DOI: 10.1109/TSMC.2024.3373567