Role-based Authorization Constraints Speci
Authors
Abstract
Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this paper, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL 2000 including its basic elements, syntax, and semantics. We give soundness and completeness proofs for RCL 2000 relative to a restricted form of first-order predicate logic. Also, we show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of role-based authorization constraints.

1. INTRODUCTION

Role-based access control (RBAC) has emerged as a widely accepted alternative to classical discretionary and mandatory access controls [Sandhu et al. 1996]. Several models of RBAC have been published and several commercial implementations are available. RBAC regulates the access of users to information and system resources on the basis of activities that users need to execute in the system. It requires the identification of roles in the system. A role can be defined as a set of actions and responsibilities associated with a particular working activity. Then, instead of specifying all the accesses each individual user is allowed, access authorizations
Similar resources
A Flexible Model Supporting the Specification and Enforcement of Role-based Authorizations in Workflow Management
In recent years, workflow management systems (WFMSs) have gained popularity both in research as well as in commercial sectors. WFMSs are used to coordinate and streamline business processes of an organization. Often, very large WFMSs are used in organizations with users in the range of several thousands and number of process instances in the range of tens of thousands. To simplify the complexity...
Implementing Advanced RBAC Administration Functionality with USE1
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
Implementing Advanced RBAC Administration Functionality with USE
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment
(ABAC) mechanisms are gaining in popularity while the role-based access control (RBAC) mechanism is widely accepted as a general mechanism for authorization management. This paper proposes a new access control model, CRBAC, which aims to combine the advantages of RBAC and ABAC, and integrates all kinds of constraints into the RBAC model. Unlike other work in this area, which only incorporates o...
Specification and Classification of Role-based Authorization Policies
Constraints are an important aspect of role-based access control (RBAC). Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this paper we classify RBAC constraints into two major classes called prohibition constraints and obligation constraints. To specify these constraints, we utilize a formal language, named RCL2000. I...