Modeling and Analysis of SMER Constraints Violation in IRBAC 2000 Model Based on Colored Petri Nets

Abstract

Interoperable Role-Based Access Control (IRBAC) 2000 model can be used to accomplish security interoperation between two or more administrative domains via role association and dynamic role translation. However, Static Separation of Duties (SSoD) is not considered in the IRBAC 2000 model, so the problem of inter-domain static mutual exclusive roles constraints violation can arise. This paper proposes a novel method based on colored Petri nets to model and analyze IRBAC 2000 model so as to detect static mutual exclusive roles (SMER) constraints violation. The necessary and sufficient conditions for SMER constraints violation in the IRBAC 2000 model are demonstrated. A graphical detection model based on Colored Petri net of SMER constraints violation is presented and then a more complicated case study is used to illustrate the efficiency of the proposed model. Moreover, some prerequisites for avoiding SMER constraints violation and guaranteeing the model security while adding new role association or user-role assignment are also discussed, analyzed and detailed based on colored petri net model in this paper.