Presentation Title

Analysis of Role-Based Access Control

Start Date

November 2016

End Date

November 2016

Location

HUB 302-#154

Type of Presentation

Poster

Abstract

Role-Based Access Control (RBAC) is a popular approach to implementing access control policies in large organizations. The idea is that users are assigned to roles and roles are associated with permissions. An Administrative Role-Based Access Control (ARBAC) policy specifies the permissions that the different administrators have to change the policy.

Real-world ARBAC policies tend to be too large for administrators to handle with simple manual inspection alone. Automated policy analysis can help by answering questions for the user, such as “Can a set of administrators assign a user initially assigned to a set of target roles?”

Previous researchers have designed and implemented a Role-Based Policy Analysis Tool (RBAC-PAT), which implements policy analysis algorithms and provides a graphical interface for visualizing the analysis results. It is used by over 25 universities around the world to advance policy analysis research. However, the tool has many limitations.

First, the current tool lacks a modular design that would allow support for new policy analysis problems to be added easily. Second, the implementation is written in different languages, making it hard to maintain. Third, it lacks some useful features that can provide the administrator with important information, e.g., visualization of the role hierarchy or generation of the deterministic finite state machine representing the possible policy states.

In this project, we redesign RBAC-PAT according to the best practices of software engineering, thus facilitating the addition of new policy analysis problems. We realize our design in a single language: Python. Finally, we implement new features, including hierarchy visualization and policy graph generation.
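
The kind of reachability question the abstract mentions can be answered by a breadth-first search over the role sets a user can be moved through, which is also how a graph of possible policy states is built. This is an added example, not code from RBAC-PAT or the poster; the rule format (`can_assign` with positive and negative preconditions, `can_revoke`), the fixed set of administrator roles, and the sample policy are assumptions made for illustration.

```python
from collections import deque
from typing import NamedTuple

class CanAssign(NamedTuple):
    admin: str        # role the acting administrator must hold
    pos: frozenset    # roles the user must already have
    neg: frozenset    # roles the user must not have
    target: str       # role granted by this rule

class CanRevoke(NamedTuple):
    admin: str        # role the acting administrator must hold
    target: str       # role removed by this rule

def reach(initial, goal, admin_roles, can_assign, can_revoke):
    """Return the shortest list of admin actions that takes a user from the
    role set `initial` to one containing `goal`, or None if none exists."""
    start, goal = frozenset(initial), frozenset(goal)
    plans = {start: []}            # visited state -> actions that reach it
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if goal <= state:
            return plans[state]
        moves = []
        for r in can_assign:
            if (r.admin in admin_roles and r.target not in state
                    and r.pos <= state and not (r.neg & state)):
                moves.append((("assign", r.admin, r.target), state | {r.target}))
        for r in can_revoke:
            if r.admin in admin_roles and r.target in state:
                moves.append((("revoke", r.admin, r.target), state - {r.target}))
        for action, nxt in moves:
            if nxt not in plans:   # each role set is expanded at most once
                plans[nxt] = plans[state] + [action]
                queue.append(nxt)
    return None

# Constructed sample policy (hypothetical role names, not from the poster).
CAN_ASSIGN = [
    CanAssign("HR", frozenset({"Employee"}), frozenset({"Contractor"}), "Engineer"),
    CanAssign("Manager", frozenset({"Engineer"}), frozenset({"Auditor"}), "ReleaseApprover"),
]
CAN_REVOKE = [CanRevoke("HR", "Contractor")]
INITIAL = {"Employee", "Contractor"}

if __name__ == "__main__":
    print(reach(INITIAL, {"ReleaseApprover"}, {"HR", "Manager"}, CAN_ASSIGN, CAN_REVOKE))
```

A returned plan is the audit-relevant result: it names which administrator roles, acting in which order, can move the user into the target role, including revocations that clear a negative precondition.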

Nov 12th, 4:00 PM Nov 12th, 5:00 PM
