Resolving information flow conflicts in RBAC systems

Noa Tuval, Ehud Gudes

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

5 Scopus citations


Recently, the Role Based Access Control (RBAC) model has taken its place as a promising alternative to the conventional access control models, MAC and DAC. RBAC is more general than those traditional models, as was shown by Osborn et al. [17]; however, mapping a role-based system to a valid MAC configuration is not always possible, because certain combinations of permissions that are included in a role's effective privileges may cause information flow. Given a role-based graph in which roles' permissions refer to labeled data objects, Osborn et al. showed how to find conflicts that result from information flow, but they did not suggest a solution for these conflicts and did not handle user-role assignments for the solved scheme. In this paper, we assume a more general model of permission conflicts than MAC. We introduce an algorithm that handles information flow conflicts in a given role-based graph, corrects the role-based graph if needed, and proposes a consistent user-role assignment. As RBAC and information flow are becoming extremely important in Web-based information systems, this algorithm becomes very relevant.

Original language: English
Title of host publication: Data and Applications Security XX - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Proceedings
Editors: Peng Liu, Ernesto Damiani
Publisher: Springer Verlag
Number of pages: 15
ISBN (Electronic): 9783540367963
ISBN (Print): 3540367969, 9783540367963
State: Published - 1 Jan 2006
Event: 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security - Sophia Antipolis, France
Duration: 31 Jul 2006 to 2 Aug 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4127 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security
City: Sophia Antipolis


  • Canonical groups
  • Role based access control
  • Role graph consistency

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

