Abstract
Constraints are an important aspect of role-based models. Several types of constraints, such as separation of duty constraints, cardinality constraints and temporal constraints have been identified in the literature. Although the specification of constraints has received significant research interest, there has been little work on the development of an efficient constraint enforcement model. In particular there does not exist a model for the data structures that are referenced and maintained by the constraint enforcement mechanism. In this paper, we define a formal model for such data structures that record salient information to be used by the constraint enforcement mechanism. We introduce the concept of a constraint evaluation structure that is used by the constraint enforcement mechanism to determine whether granting a request would violate a constraint. Two particular constraint evaluation structures form part of the runtime model we introduce in order to enforce dynamic constraints.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2005 IASTED Conference on Network and Information Security |
Pages | 158-167 |
Number of pages | 10 |
Publication status | Published - 2005 |