@inproceedings{5400c0a0f357443295df919f80fe771b,
title = "Resolving information flow conflicts in RBAC systems",
abstract = "Recently, Role Based Access Control (RBAC) model has taken place as a promising alternative to the conventional access control models, MAC and DAC. RBAC is more general than those traditional models as was shown by Osborn et al. [17], however, mapping a role based system to a valid MAC configuration is not always possible because certain combinations of permissions that are included in a role's effective privileges may cause information flow. Given a role-based graph where role's permissions refer to labeled data objects, Osborn et al. showed how to find conflicts that are resulted from information flow, but they have not suggested a solution for these conflicts and they have not handled user-role assignments, for the solved scheme. In this paper, we assume a more general model of permissions conflicts than MAC. We introduce an algorithm that handles information flow conflicts in a given role-based graph, corrects the Role-based graph if needed, and proposes a consistent users-roles assignment. As RBAC and information flow are becoming extremely important in Web based information systems, this algorithm becomes very relevant.",
keywords = "Canonical groups, Role based access control, Role graph consistency",
author = "Noa Tuval and Ehud Gudes",
year = "2006",
doi = "10.1007/11805588_11",
language = "English",
isbn = "3540367969",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "148--162",
editor = "Peng Liu and Ernesto Damiani",
booktitle = "Data and Applications Security XX - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Proceedings",
address = "Germany",
note = "20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security ; Conference date: 31-07-2006 Through 02-08-2006",
}