Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Tripunitara, Mahesh V.a; * | Li, Ninghuib
Affiliations: [a] Motorola Labs, Schaumburg, IL 60196, USA. E-mail: tripunit@motorola.com | [b] Department of Computer Science and CERIAS, Purdue University, West Lafayette, IN 47907, USA. E-mail: ninghui@cs.purdue.edu
Correspondence: [*] Corresponding author. Address: Motorola, 1301 E Algonquin Road, IL02–2712, Schaumburg, IL 60196, USA. Tel.: +1 847 576 7883.
Note: [1] A preliminary version of this paper appears in the proceedings of the 2004 ACM Conference on Computer and Communications Security (CCS) [23].
Abstract: We present a theory for comparing the expressive power of access control models. The theory is based on simulations that preserve security properties. We perceive access control systems as state-transition systems and present two kinds of simulations, reductions and state-matching reductions. In applying the theory, we highlight four new results and discuss these results in the context of other results that can be inferred or are known. One result indicates that the access matrix scheme due to Harrison, Ruzzo and Ullman is limited in its expressive power when compared with a trust-management scheme, thereby formally establishing a conjecture from the literature. A second result is that a particular RBAC (Role-Based Access Control) scheme, ARBAC97, may be limited in its expressive power, thereby countering claims in the literature that RBAC is more expressive than DAC (Discretionary Access Control). A third result demonstrates that the ability to check for the absence of rights (in addition to the presence of rights) can cause a scheme to be more expressive. A fourth result is that a trust-management scheme is at least as expressive as RBAC with a particular administrative scheme (the URA97 component of ARBAC97).
Keywords: Access control, expressive power, reduction, state-matching reduction, access matrix, trust management, role-based access control, discretionary access control
DOI: 10.3233/JCS-2007-15202
Journal: Journal of Computer Security, vol. 15, no. 2, pp. 231-272, 2007
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl