7th European Symposium on Research in Computer Security (ESORICS 2002)
Decidability of Safety in Graph-based Models for Access Control
Manuel Koch, Luigi V. Mancini, Francesco Parisi-Presicce
Abstract : Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.
Proceedings table of contents