A Distributed Calculus for Role-Based Access Control.
Chiara Braghin
Abstract
Role-based access control (RBAC) is attracting increasing attention
because it reduces the complexity and cost of security administration
by interposing the notion of role in the assignment of permissions to
users.
In this paper, we present a formal framework relying on an extension
of the pi-calculus to study the behaviour of concurrent systems in an RBAC
scenario. We define a type system ensuring that the specified policy
is respected during computations, and a bisimulation to equate systems.
The theory is then applied to three meaningful examples, namely finding
the 'minimal' policy to run a given system, refining a system to
be run under a given policy (whenever possible), and minimizing the number
of users in a given system without changing the overall behaviour.