Data Structures for Constraint Enforcement in Role-Based Systems

Jason Crampton, Hemanth Khambhammettu

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Constraints are an important aspect of role-based models. Several types of constraints, such as separation of duty constraints, cardinality constraints and temporal constraints have been identified in the literature. Although the specification of constraints has received significant research interest, there has been little work on the development of an efficient constraint enforcement model. In particular there does not exist a model for the data structures that are referenced and maintained by the constraint enforcement mechanism. In this paper, we define a formal model for such data structures that record salient information to be used by the constraint enforcement mechanism. We introduce the concept of a constraint evaluation structure that is used by the constraint enforcement mechanism to determine whether granting a request would violate a constraint. Two particular constraint evaluation structures form part of the runtime model we introduce in order to enforce dynamic constraints.
Original languageEnglish
Title of host publicationProceedings of the 2005 IASTED Conference on Network and Information Security
Number of pages10
Publication statusPublished - 2005

Cite this