FORMAL DECISION MODELING FOR ROLE-BASED ACCESS CONTROL POLICIES

Abstract

Role-Based Access Control (RBAC) has been widely used in information systems, including so-called critical systems. In business, workflows are used to control the flow of processes. One of the major issues concerning these processes is to be able to verify that a proposed process model strictly corresponds to the specifications to which it is supposed to respond. Access control models describe the frameworks that dictate permissions. The RBAC model is generally static, i.e. the access control decisions are: grant or deny. Dynamic and flexible access control is required. In order to increase the flexibility of access control, the notion of decision has been proposed. Decisions execute the requirements to be fulfilled. The main of this article is to use the decision to produce a dynamic model. Our model augments the dynamics of the RBAC model. It allows dynamically assigning permissions. For illustration, Feather's meeting management system is used. Finally, first-order logic is used to analyze the validity of the proposed model.