MINI-MICRO SYSTEMS Vol. 25 No. 5 May 2004
© 1994-2006 China Academic Journal Electronic Publishing House. All rights reserved.

2003-03-13; E-mail: weidingguo@fudan.edu.cn
TP393.08; A; 1000-1220(2004)05-0827-06

Research on Verification of RBAC Policies Based on Petri-net

WEI Ding-guo 1, WU Shi-lin 2
1 (Guangdong Commercial College, Guangzhou 510320, China)
2 (Department of Computer Science, Fudan University, Shanghai 200433)

Abstract: The crucial issue of verification of role based access control policies has not been adequately investigated. In this paper, we develop a colored Petri-net based policy specification and analysis framework for an RBAC model. The Petri-net model can capture all the cardinality and separation of duty constraints. Moreover, the model also allows specification of the precedence and dependency constraints. We use the Petri-net reachability analysis technique for verifying correctness of RBAC policies.

Keywords: Petri-net; RBAC; policy; verification

1 (DAC)(MAC),(RBAC),.RBAC,.,..,RBAC,;,,,,,;RBACDACMAC,(SoD),RBAC;,(Sign),..RBAC,..RBAC,RBAC,TRBACGTRBAC.GTRBAC,,GTRBACRBAC.GTRBAC.RBAC,RBAC.Koch [7],RBAC,RBAC.Nyanchama [6] RBAC,,.Jaeger [8],RBAC.,RBAC().,GTRBACPetriRBAC.Petri,,RBAC;,,.

2 ,RBACGTRBAC.RBACSandhu [10] 1996,NISTRBAC,:UsersRoles().GTRBAC,/,/,.RBAC.GTRBAC////...,,,.RBAC,.RBAC,RBACGTRBAC.RBAC,RBAC;PetriGTRBAC,GTRBAC.

3 RBACPetriRBAC,,RBAC.

3.1 RBAC,./,......Gavrila [9] 1998RBAC..RBAC,.,Gavrila.RBAC,:1),2)(SoD),3),4).RBAC,,RBAC.//.SoD,.,,..,:
(1) Manager,Junior_Employee..
(2) ,His/Her.,His/Her..
RBAC,Gavrila [9],,.

3.2 RBACPetri,Petri(CPN)RBAC.CPN,RBAC,CPN.Petri.:Petri/,.,,,CPNGTRBAC.CPN,,.CPN.:CPN.RBACCPN:CPN CP=(,P,T,A,N,C,G,E,I):,;P;T; =NARAIA,:PT=PA=TA=Á,NA,RA,IA;N.N:APTTPC.C:P;G,T:PtT:[Type(G(t))=Boolean and Type(Var(G(t)A];E,A:aA[Type(E(a)MS and Type(Var(E(a))A,p(a)N(a);I,P:PpP:[Type(I(p))=C(p(a))MS].RBACCPN.

3.2.1 :RBAC,:

    Color USER = integer
    Color ROLE = integer
    Color SESSION = integer
    Color COMMAND = {assign, de-assign, enable, disable, activate, deactivate}
    Color UR = product USER * ROLE * ROLE
    Color URS = product USER * ROLE * SESSION
    Color CMD = product COMMAND * USER * ROLE * SESSION

,RBAC,:

    u :: color USER
    r :: color ROLE
    u,r,r :: color UR
    u,r,s :: color URS
    cmd,u,r,s :: color CMD

3.2.2 PCPNRBAC:
1. (ETG):.,ETG.,,.
2. (DR):(C(DR)=ROLE)).ryry.
3. (ER):(C(ER)=ROLE).ryry.
4. /(UR).UR(C(UR)=UR).u,ry,rxury.u(rx=ry)ry,urxrxry(rxryrxry).
5. (URS):URS.u,r,sr.
6. (RC):(C(RC)=ROLE).,.RCniry,ry,ryni.
7. (UC):(C(UC)=USER).,.UCmjuzry,uzmj.
8. (RAC):RACROLE(C(RAC)=ROLE).,.niryRC,niry.
9. (UAC):RACROLE(C(UAC)=USER).,.mjuzRC,uzmj.
,.

3.2.3 AE:,SoD.(),().CPN,:(NA)(RA)(IA)..,(NARAIA)..,.:tNA:t,NAt.,,p.t,NAE.NA.tRA:t,RAtpRA.,.RA. (P(A))MS(MS=)..:
1. m1t1+m2t2+...+mntn,ti.()./(),miti(1in).,mi0.mjtj,mj0,.
2. {ti}..,{ti}.,ti.

3.2.4 GTRBAC,////.CPN,ry:
1. Assign ry: uUSERSry.u,ry.
2. De-assign ry: ury.u,ry,u.
3. Enable ry: ry.,DRER,ry,ry.
4. Disable ry: ry.,ryER,DR,,ry.
5. Activate ry: ury.
6. Deactivate ry: ury.
.,.,..,/.

3.2.5 Assignryry/{u,rx,ry:ryrx}UR,ryu,ry

Fig. 1 Petri-nets corresponding to the four components of GTRBAC (panels (a), (b), (c))

rxu.assignry1,,E1E45G1G19.,:ETGassign,uz,ryryuz. :(n+1)uz,nry.()E6:uc,rz,anyrG2:conflict_role_assign(ry,rc).URuc,rz,anyr.()E7:uc,rz,anyrG3:conflict_user_Assign(ry,uz,uc).URuc,rz,anyr.URuz,ry,anyr.E3G1.,.:.,.
(1) ruz,ryuz,Riprec_su_assignset(ry),rRi.E8G4:prec_su_assign(ry,{r})..
(2) r,uzry,Riprec_au_assignset(ry),rRi.r.A9G5:prec_au_assign(ry,{r}).
CPNGTRBAC.1(//,1).1(a)/CPN,assignryde-assignry.ry,ry,1(a).SoD.,1(b)ryCPN,1(c)ryCPN.RBAC.,,CPN.

Fig. 2 Event graph for incomplete specifications

:SoDRBAC,.:,ETG,PRBAC(RBACCPN) (RC,UR)(UC,UR)(RAC,URS)(UAC,URS)(ER,DR),.ETG,..:M0PRBAC(RBACCPN),M0.,.GTRBACCPN.

3.3 RBAC,RBAC.CPN.RBAC.RBACPetri,..,.Petri.

Fig. 3 Event graph for correct specifications

.:r0r1r2u0.r1r0(r0r1r0r1),r1r2,r1r2.2RBAC.(r0r1r2),SoDr1r2,:(r1,r2)ssd.,2,r0r2u0r1r2.SoD.,r1r2,r0r2SoD.r0r1,r0r1,r0r2SoD.3,r0r2SoD,:(r1,r2)and(r0,r2)ssd..

4 RBACCPN.CPNTRBAC/GTRBAC,RBAC.PetriRBAC..

References:
[1] Bertino E, Bonatti P A, Ferrari E. TRBAC: A temporal role-based access control model [J]. ACM Transactions on Information and System Security, August 2001, 4(3): 191-233.
[2] Ahn G, Sandhu R. Role-based authorization constraints specification [J]. ACM Transactions on Information and System Security, November 2000, 3(4): 207-226.
[3] Ferraiolo D F, Sandhu R, Gavrila S, Kuhn D R, Chandramouli R. Proposed NIST standard for role-based access control [J]. ACM Transactions on Information and System Security (TISSEC) 2001, 4(3), August 224-274.
[4] Jensen K. Coloured petri nets: basic concepts, analysis methods and practical use [M]. Volume 1, Springer Verlag, 1997.
[5] Jo