The Center for Education and Research in Information Assurance and Security (CERIAS)

Formal Foundations for Hybrid Hierarchies in GTRBAC

Author

James B. Joshi, E. Bertino, A. Ghafoor

Tech report number

CERIAS TR 2006-25

Entry type

article

Abstract

A role hierarchy defines semantics related to permission acquisitions and role activations through role-role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access control needs. Temporal constraints on role enablings and role activations can have various implications on such a role hierarchy. The focus of this paper is the analysis of hybrid role hierarchies in the context of the Generalized Temporal Role Based Access Control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role assignments and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. Furthermore, when separation-of-duty (SoD) constraints are present in the system, it is also essential to ensure that there are no role combinations that can be allowed to be activated in a single user session. In other words, knowledge about UAS can be used to facilitate enforcement of the principle of least privilege. Because of the separation of permission inheritance and role activation semantics in GTRBAC, a hybrid hierarchy that allows different hierarchy types to coexist can give rise to a complex semantics and identifying what role combinations can be allowed to be activated in a session for a user may not be straightforward. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles.
We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that the set of these inference rules is sound and complete. Another key issue we address in this paper is that of the evolution of role hierarchies through hierarchical transformations. We present an analysis of hierarchy transformations with respect to role addition, deletion and partitioning, and show how various cases of these transformations allow the original permission acquisition and role activation semantics to be managed. The formal results presented here provide a basis for developing e

Key alpha

James B. Joshi

Affiliation

University of Pittsburgh, Purdue University

Publication Date

2001-01-01
