The Center for Education and Research in Information Assurance and Security (CERIAS)

Comparing the Expressive Power of Access Control Models

Author

Mahesh V. Tripunitara and Ninghui Li

Tech report number

CERIAS TR 2004-10

Entry type

techreport

Abstract

Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. Such comparisons are generally based on simulations between different access control schemes. However, the definitions for simulations that are used in the literature make it impossible to put results and claims about the expressive power of access control models into a single context. Furthermore, some definitions for simulations used in the literature, such as those used for comparing RBAC (Role-Based Access Control) with other models, are too weak to distinguish access control models from one another in a meaningful way. We propose a theory for comparing the expressive power of access control models. We perceive access control systems as state-transition systems and require simulations to preserve security properties. We discuss the rationale behind such a theory, apply the theory to reexamine some existing work on the expressive power of access control models in the literature, and present three results. We show that: (1) RBAC with a particular administrative model from the literature (ARBAC97) is limited in its expressive power; (2) ATAM (Augmented Typed Access Matrix) is more expressive than TAM (Typed Access Matrix), thereby solving an open problem posed in the literature; and (3) a trust-management language is at least as expressive as RBAC with a particular administrative model (the URA97 component of ARBAC97).

Date

2004-08-01

Institution

Purdue University

Key alpha

tripunitara

Affiliation

CERIAS and Department of Computer Science

Publication Date

2004-08-01

Contents

- Access Control
- Expressive Power of Access Control Models
- Role-Based Access Control (RBAC)
- Access Matrix
- TAM and ATAM
- Role-Based Trust Management (RT)

Language

English

Subject

Comparing the Expressive Power of Access Control Models
