Presentation 2009-12-16
Redesigning of a role hierarchy for role-based access control
Yoshiharu ASAKURA, Yukikazu NAKAMOTO,
PDF Download Page PDF download Page Link
Abstract(in Japanese) (See Japanese page)
Abstract(in English) Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. A role graph is a model that represents role hierarchies and is suitable for runtime deployment of RBAC in a computer system. In a previous work, we proposed an extended role graph that is suitable for designing role hierarchies. When an administrator wants to redesign a role hierarchy in a computer system, he or she has to redesign it with a role graph and, it is therefore difficult for him/her to redesign this. Here, we prove that a role graph can be transformed into any equivalent extended role graph by using extended equivalent transformation manipulations, which transform an extended role graph while preserving its equivalence. This enables an administrator to redesign a role hierarchy with an extended role graph. The main contribution of this paper is to explain how a role hierarchy can be easily redesigned.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Role-based access control / extended role graph / equivalent transformation
Paper # ISEC2009-79
Date of Issue

Conference Information
Committee ISEC
Conference Date 2009/12/9(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Vice Chair

Paper Information
Registration To Information Security (ISEC)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Redesigning of a role hierarchy for role-based access control
Sub Title (in English)
Keyword(1) Role-based access control
Keyword(2) extended role graph
Keyword(3) equivalent transformation
1st Author's Name Yoshiharu ASAKURA
1st Author's Affiliation System Platforms Research Laboratories, NEC Corporation:Graduate School of Applied Informatics, University of Hyogo()
2nd Author's Name Yukikazu NAKAMOTO
2nd Author's Affiliation Graduate School of Applied Informatics, University of Hyogo
Date 2009-12-16
Paper # ISEC2009-79
Volume (vol) vol.109
Number (no) 337
Page pp.pp.-
#Pages 7
Date of Issue