Role updating in information systems using model checking

Jinwei Hu; Khaled M. Khan; Yan Zhang; Yun Bai; Ruixuan Li

doi:10.1007/s10115-016-0974-4

Role updating in information systems using model checking

Jinwei Hu, Khaled M. Khan, Yan Zhang, Yun Bai, Ruixuan Li

Western Sydney University

Research output: Contribution to journal › Article › peer-review

5 Citations (Scopus)

Abstract

The role-based access control (RBAC) has significantly simplified the management of users and permissions in information systems. In dynamic environments, systems are constantly undergoing changes, and accordingly, the associated configurations need to be updated in order to reflect the systems' security evolutions. However, such updating process is generally complicated as the resulting system state is expected to meet necessary constraints. This paper presents an approach for assisting administrators to make a desirable update, in light of changes in RBAC systems. We propose a formalization of the update approach, investigate its properties, and develop an updating algorithm based on model checking techniques. Our experimental results demonstrate the effectiveness of the proposed approach.

Original language	English
Pages (from-to)	187-234
Number of pages	48
Journal	Knowledge and Information Systems
Volume	51
Issue number	1
DOIs	https://doi.org/10.1007/s10115-016-0974-4
Publication status	Published - 1 Apr 2017

Bibliographical note

Publisher Copyright:
© 2016, Springer-Verlag London.

Keywords

access control
computational complexity
computer algorithms
computer users
information storage and retrieval systems

Access to Document

10.1007/s10115-016-0974-4

Cite this

@article{0cf6d0db1d3044138298e36a875c8858,

title = "Role updating in information systems using model checking",

abstract = "The role-based access control (RBAC) has significantly simplified the management of users and permissions in information systems. In dynamic environments, systems are constantly undergoing changes, and accordingly, the associated configurations need to be updated in order to reflect the systems' security evolutions. However, such updating process is generally complicated as the resulting system state is expected to meet necessary constraints. This paper presents an approach for assisting administrators to make a desirable update, in light of changes in RBAC systems. We propose a formalization of the update approach, investigate its properties, and develop an updating algorithm based on model checking techniques. Our experimental results demonstrate the effectiveness of the proposed approach.",

keywords = "access control, computational complexity, computer algorithms, computer users, information storage and retrieval systems",

author = "Jinwei Hu and Khan, {Khaled M.} and Yan Zhang and Yun Bai and Ruixuan Li",

note = "Publisher Copyright: {\textcopyright} 2016, Springer-Verlag London.",

year = "2017",

month = apr,

day = "1",

doi = "10.1007/s10115-016-0974-4",

language = "English",

volume = "51",

pages = "187--234",

journal = "Knowledge and Information Systems",

issn = "0219-1377",

publisher = "Springer UK",

number = "1",

}

TY - JOUR

T1 - Role updating in information systems using model checking

AU - Hu, Jinwei

AU - Khan, Khaled M.

AU - Zhang, Yan

AU - Bai, Yun

AU - Li, Ruixuan

PY - 2017/4/1

Y1 - 2017/4/1

N2 - The role-based access control (RBAC) has significantly simplified the management of users and permissions in information systems. In dynamic environments, systems are constantly undergoing changes, and accordingly, the associated configurations need to be updated in order to reflect the systems' security evolutions. However, such updating process is generally complicated as the resulting system state is expected to meet necessary constraints. This paper presents an approach for assisting administrators to make a desirable update, in light of changes in RBAC systems. We propose a formalization of the update approach, investigate its properties, and develop an updating algorithm based on model checking techniques. Our experimental results demonstrate the effectiveness of the proposed approach.

AB - The role-based access control (RBAC) has significantly simplified the management of users and permissions in information systems. In dynamic environments, systems are constantly undergoing changes, and accordingly, the associated configurations need to be updated in order to reflect the systems' security evolutions. However, such updating process is generally complicated as the resulting system state is expected to meet necessary constraints. This paper presents an approach for assisting administrators to make a desirable update, in light of changes in RBAC systems. We propose a formalization of the update approach, investigate its properties, and develop an updating algorithm based on model checking techniques. Our experimental results demonstrate the effectiveness of the proposed approach.

KW - access control

KW - computational complexity

KW - computer algorithms

KW - computer users

KW - information storage and retrieval systems

UR - http://handle.westernsydney.edu.au:8081/1959.7/uws:40319

U2 - 10.1007/s10115-016-0974-4

DO - 10.1007/s10115-016-0974-4

M3 - Article

SN - 0219-1377

VL - 51

SP - 187

EP - 234

JO - Knowledge and Information Systems

JF - Knowledge and Information Systems

IS - 1

ER -

Role updating in information systems using model checking

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this