A Modal Logic for Role-Based Access Control - Computer Network Security

Information Technology Reference

In-Depth Information

hierarchy is generally represented pictorially by a Hasse diagram. We implement

Hasse diagrams in HOL as a set HSD of pairs, with ( R 1 ,R 2 )

HSD precisely

when there's an explicit edge between R 1 and R 2 in the Hasse diagram. It is then

straightforward to define

∈

as the reflexive, transitive closure of HSD ,relative

to the set ROLES of roles:

rhRel HSD ROLES =

{

( R 1 ,R 2 )

( R 1 ∈

ROLES )

∧

( R 2 ∈

ROLES )

∧

( RTC ( CURRY HSD ) R 1 R 2 )

}

where ( CURRY HSD ) R 1 R 2 is equivalent to ( R 1 ,R 2 )

HSD and the predicate

RTC (defined in HOL's Relation theory) identifies the elements in the reflexive,

transitive closure of a relation.

For example, the Hasse diagram from Figure 1 can be represented by a set

HSD as follows:

∈

HSD =

{

( Chair, Ten ) , ( P&T VM, Ten ) , ( Ten, Fac ) ,

( CS Fac, Fac ) , ( CE Fac, Fac ) , ( UnTen, Fac )

}

Letting ROLES be the set

{

Chair, P&T VM, Ten, UnTen, CS Fac, CE Fac, Fac

}

the inheritance relation

is given by:

rhRel HSD ROLES =

HSD ∪{

( R, R )

| R ∈ ROLES}∪{

( Chair, Fac ) , ( P&T VM, Fac )

The set of users authorized for a role R depends on both the user-role as-

signments ( UA ) and the inheritance relation

; likewise, the set of permissions

associated with a role depends on the permission assignments ( PA )and

.Thus,

we define predicates authorized users and authorized permissions as follows:

authorized users R UA HSD ROLES =

{

R . ( R

(( R ,R )

( U, R )

|∃

∈

ROLES )

∧

∈

rhRel HSD ROLES )

∧

∈

}

authorized permissions R PA HSD ROLES =

{

R . ( R ∈

(( R, R )

( p, R )

|∃

ROLES )

∧

∈

rhRel HSD ROLES )

∧

∈

}

It is straightforward to prove that, whenever R 1

R 2 —that is, when ( R 1 ,R 2 )

is in rhRel HSD ROLES —the following two properties hold:

( authorized users R 1 UA HSD ROLES )

⊆

( authorized users R 2 UA HSD ROLES )

( authorized permissions R 2 PA HSD ROLES )

⊆

( authorized permissions R 1 PA HSD ROLES ) .

As described in Section 2, static separation-of-duty constraints are given by

aset SSD : each pair ( rs, n )

SSD represents a constraint to prevent users from

being authorized for n or more roles in rs . Because the set of authorized users

for a given role depends on both the user assignment and the role hierarchy,

∈

Computer Network Security

Search WWH ::

Custom Search

Home