A Theory for Comparing the Expressive Power of Access Control Models

Mahesh Tripunitara,

CERIAS, Purdue University

4:00pm Wed 2 Feb 2005, Siebel Center Room 3405

Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. Such comparisons are generally based on the existence of simulations between access control schemes. In this talk, I will present a new theory to meaningfully compare the expressive power of access control models. In this work, we perceive access control systems as state-transition systems, and require simulations to preserve security properties.

We have successfully applied our theory, and have several significant results. I will list five, and discuss two of these results in this talk. (1) The well-known access matrix scheme proposed by Harrison, Ruzzo and Ullman (the HRU scheme) is limited in its expressive power when compared to a relatively simple trust-management scheme. To our knowledge, this is the first formal evidence of the limited expressive power of the HRU scheme. (2) Role-Based Access Control (RBAC) with a particular administrative scheme (ARBAC97) is limited in its expressive power, countering claims in the literature that RBAC is more expressive than Discretionary Access Control (DAC).

Bio: Mahesh Tripunitara is a Ph.D. candidate in the computer science department at Purdue University. His advisor is Ninghui Li, and he is a member of the Center for Education and Research in Information Assurance and Security (CERIAS). His thesis work is in access control, and he plans to graduate in May 2006. Prior to returning to Purdue in 2003 to complete his Ph.D., he worked for several years in the software industry.