Formal authorization approaches for permission-role assignments using relational algebra operations

Wang, Hua and Zhang, Yanchun and Cao, Jinli (2003) Formal authorization approaches for permission-role assignments using relational algebra operations. In: 14th Australasian Database Conference 2003: Database Technologies (ADC2003), 4-7 Feb 2003, Adelaide, Australia.

PDF (Accepted Version)
Wang_Zhang_Cao_ADC2003_AV.pdf


Abstract

In this paper, we develop formal authorization allocation algorithms for permission-role assignments. The formal approaches are based on relational structure and on relational algebra and its operations. The process of permission-role assignment is an important issue in role-based access control (RBAC), as it may modify the authorization level or allow high-level confidential information to be derived when roles are changed and request different permissions. There are two types of problems that may arise in permission-role assignments. One is related to the authorization granting process: conflicting permissions may be granted to a role, and as a result, users with the role may have or derive a high level of authority. The other is related to authorization revocation: when a permission is revoked from a role, the role may still have the permission from other roles. To solve these problems, this paper presents an authorization granting algorithm, and weak revocation and strong revocation algorithms, that are based on relational algebra operations. The algorithms can be used to check conflicts and therefore to help allocate permissions without compromising security in RBAC. We describe how to use the new algorithms with an anonymity scalable payment scheme. Finally, comparisons with other related work are discussed.


Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Author version deposited in accordance with the copyright policy of the publisher. Copyright 2003, Australian Computer Society, Inc. This paper appeared at the 14th Australasian Database Conference (ADC 2003), Adelaide, Australia.
Depositing User: Dr Hua Wang
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 05 Aug 2011 05:06
Last Modified: 02 Jul 2013 23:45
Uncontrolled Keywords: RBAC, permission-role assignment, authorization, can-assignp, can-revokep
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0806 Information Systems > 080602 Computer-Human Interaction
Socio-Economic Objective (SEO2008): B Economic Development > 89 Information and Communication Services > 8903 Information Services > 890301 Electronic Information Storage and Retrieval Services
URI: http://eprints.usq.edu.au/id/eprint/7335
