The Open Automation and Control Systems Journal

2014, 6 : 692-698
Published online 2014 December 31. DOI: 10.2174/1874444301406010692
Publisher ID: TOAUTOCJ-6-692

Specification and Enforcement of the General User Authorization Query Problem in Role Based Access Control System

Xiaopu Ma, Yan Liu, Li Zhao, Yihua Lan and Jianfeng Lu
No. 1638, Wolong Road, Wolong District, Nanyang, China.

ABSTRACT

The User Authorization Query (UAQ) problem in Role Based Access Control (RBAC) concerns assigning roles to users in an appropriate manner: it takes as input a set of permissions that a user requests to have in a session and determines whether there exists an optimum set of roles to activate. However, the existing definition of UAQ is inadequate: it considers only the number of permissions, whereas the number of roles, which is equally important, has been largely ignored. In addition, little attention has been paid in the literature to the complexity analysis of the UAQ problem when both permission and role numbers are considered. In this paper, we give a general definition of UAQ, named GUAQ, that takes into account the number of both permissions and roles, and then study the computational complexity of the GUAQ problem in three subcases. Furthermore, we propose an approach for finding a safe resolution for GUAQ, which employs preprocessing and a reduction to a SAT solver, greatly reducing the running time.

Keywords:

Computational complexity, RBAC, SAT, user authorization query.
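
The trade-off the abstract describes, between the number of permissions and the number of roles activated for a session, can be seen on a small instance. The following is an added illustration, not code from the paper: it uses exhaustive search rather than the paper's SAT reduction, and the role names, permission names, `select_roles` interface and the rule that every requested permission must be granted are assumptions made for the example, not the paper's GUAQ definition.

```python
from itertools import combinations

# Constructed role -> permission assignment for illustration (not from the paper).
ROLE_PERMS = {
    "clerk":   {"read_order"},
    "billing": {"read_order", "issue_invoice"},
    "auditor": {"read_order", "read_ledger"},
    "manager": {"read_order", "issue_invoice", "read_ledger", "approve_refund"},
}


def granted(roles, role_perms=ROLE_PERMS):
    """Union of the permissions carried by the given roles."""
    perms = set()
    for role in roles:
        perms |= role_perms[role]
    return perms


def select_roles(requested, role_perms=ROLE_PERMS, objective="permissions",
                 max_roles=None, max_extra=None):
    """Exhaustively pick roles to activate for a session (hypothetical helper).

    A candidate must grant every requested permission. `objective` chooses
    what is minimised first: "permissions" (extra, unrequested permissions)
    or "roles" (number of activated roles); the other count breaks ties.
    Returns a sorted tuple of role names, or None if no candidate fits.
    """
    requested = set(requested)
    best_key, best = None, None
    names = sorted(role_perms)
    for size in range(len(names) + 1):
        if max_roles is not None and size > max_roles:
            break  # larger role sets would exceed the role bound
        for combo in combinations(names, size):
            perms = granted(combo, role_perms)
            if not requested <= perms:
                continue  # does not satisfy the request
            extra = len(perms - requested)
            if max_extra is not None and extra > max_extra:
                continue  # exceeds the bound on unrequested permissions
            key = (extra, size) if objective == "permissions" else (size, extra)
            if best_key is None or key < best_key:
                best_key, best = key, combo
    return best


if __name__ == "__main__":
    req = {"issue_invoice", "read_ledger"}
    print(select_roles(req, objective="permissions"))
    print(select_roles(req, objective="roles"))
    print(select_roles(req, max_roles=1, max_extra=1))
```

Minimising unrequested permissions selects two narrow roles, minimising the role count selects the single broad role that also carries `approve_refund`, and bounding both counts at once leaves no valid activation.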