Formal Z Specifications of Several Flat Role-Based Access Control Models
Authors: A. Abdallah, E. Khayat
Venue: 2006 30th Annual IEEE/NASA Software Engineering Workshop
Published: 2006-04-24
DOI: 10.1109/SEW.2006.20 (https://doi.org/10.1109/SEW.2006.20)
Role-based access control (RBAC) is a high-level authorization mechanism in which access decisions are based on the roles that users hold within an organization. Because RBAC offers scalability, consistency and ease of maintenance, it is very useful, particularly for large organizations. RBAC has been used to describe authorization in a wide variety of applications ranging from operating systems and databases to complex information systems. Despite its widespread adoption, however, there doesn't seem to be a common agreement on the semantics of even key RBAC concepts. For example, the definitions of fundamental terms such as subject, principal, role, task, and permission have been open to many different and sometimes inconsistent interpretations. This paper attempts to clarify and define essential RBAC concepts. Based on these definitions, a variety of state-based flat role-based access control models are developed. These models have increasing degrees of complexity and are formulated in the specification notation Z. The starting point is a core RBAC model which, in turn, is successively refined into a series of flat RBAC models with increasing levels of detail. The semantics of each model is captured by giving a precise formulation of its corresponding reference monitor, which makes access control decisions.