Entry Joshi:2008:FFH from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Joshi:2008:FFH,
  author =       "James B. D. Joshi and Elisa Bertino and Arif Ghafoor
                 and Yue Zhang",
  title =        "Formal foundations for hybrid hierarchies in
                 {GTRBAC}",
  journal =      j-TISSEC,
  volume =       "10",
  number =       "4",
  pages =        "2:1--2:??",
  month =        jan,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1284680.1284682",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Jun 12 17:52:24 MDT 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "A role hierarchy defines permission acquisition and
                 role-activation semantics through role--role
                 relationships. It can be utilized for efficiently and
                 effectively structuring functional roles of an
                 organization having related access-control needs. The
                 focus of this paper is the analysis of hybrid role
                 hierarchies in the context of the generalized temporal
                 role-based access control (GTRBAC) model that allows
                 specification of a comprehensive set of temporal
                 constraints on role, user-role, and role-permission
                 assignments. We introduce the notion of uniquely
                 activable set (UAS) associated with a role hierarchy
                 that indicates the access capabilities of a user
                 resulting from his membership to a role in the
                 hierarchy. Identifying such a role set is essential,
                 while making an authorization decision about whether or
                 not a user should be allowed to activate a particular
                 combination of roles in a single session. We formally
                 show how UAS can be determined for a hybrid hierarchy.
                 Furthermore, within a hybrid hierarchy, various
                 hierarchical relations may be derived between an
                 arbitrary pair of roles. We present a set of inference
                 rules that can be used to generate all the possible
                 derived relations that can be inferred from a specified
                 set of hierarchical relations and show that it is sound
                 and complete. We also present an analysis of hierarchy
                 transformations with respect to role addition,
                 deletion, and partitioning, and show how various cases
                 of these transformations allow the original permission
                 acquisition and role-activation semantics to be
                 managed. The formal results presented here provide a
                 basis for developing efficient security administration
                 and management tools.",
  acknowledgement = ack-nhfb,
  articleno =    "2",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "derived relation; role hierarchy",
}

Related entries