
Formal foundations for hybrid hierarchies in GTRBAC

Joshi, JBD and Bertino, E and Ghafoor, A and Zhang, Y (2008) Formal foundations for hybrid hierarchies in GTRBAC. ACM Transactions on Information and System Security, 10 (4). ISSN 1094-9224


A role hierarchy defines permission acquisition and role-activation semantics through role-role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access-control needs. The focus of this paper is the analysis of hybrid role hierarchies in the context of the generalized temporal role-based access control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role, and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that it is sound and complete. We also present an analysis of hierarchy transformations with respect to role addition, deletion, and partitioning, and show how various cases of these transformations allow the original permission acquisition and role-activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools. © 2008 ACM.



Item Type: Article
Status: Published
Creators:
Joshi, JBD (Email: jjoshi@pitt.edu; Pitt Username: JJOSHI; ORCID: 0000-0003-4519-9802)
Bertino, E
Ghafoor, A
Zhang, Y
Date: 1 January 2008
Date Type: Publication
Journal or Publication Title: ACM Transactions on Information and System Security
Volume: 10
Number: 4
DOI or Unique Handle: 10.1145/1284680.1284682
Schools and Programs: School of Information Sciences > Information Science
Refereed: Yes
ISSN: 1094-9224
Date Deposited: 30 Oct 2012 20:39
Last Modified: 10 Apr 2020 13:55

