Visible to the public Mohawk+T: Efficient Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) PoliciesConflict Detection Enabled

TitleMohawk+T: Efficient Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies
Publication TypeConference Proceedings
Year of Publication2015
AuthorsJonathan Shahen, Jianwei Niu, Mahesh Tripunitara
Conference NameSACMAT '15 Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
Date Published06/01/2015
PublisherACM New York, NY, USA ©2015
Conference LocationVienna, Austria
ISBN Number978-1-4503-3556-0
KeywordsCMU, July'15

Safety analysis is recognized as a fundamental problem in access control. It has been studied for various access control schemes in the literature. Recent work has proposed an administrative model for Temporal Role-Based Access Control (TRBAC) policies called Administrative TRBAC (ATRBAC). We address ATRBAC-safety. We first identify that the problem is PSPACE-Complete. This is a much tighter identification of the computational complexity of the problem than prior work, which shows only that the problem is decidable. With this result as the basis, we propose an approach that leverages an existing open-source software tool called Mohawk to address ATRBAC-safety. Our approach is to efficiently reduce ATRBAC-safety to ARBAC-safety, and then use Mohawk. We have conducted a thorough empirical assessment. In the course of our assessment, we came up with a "reduction toolkit," which allows us to reduce Mohawk+T input instances to instances that existing tools support. Our results suggest that there are some input classes for which Mohawk+T outperforms existing tools, and others for which existing tools outperform Mohawk+T. The source code for Mohawk+T is available for public download.

Citation Keynode-25037

Other available formats:

Shahen_MohawkT.pdfPDF document990.89 KBDownloadPreview