Graphs and graph transformations are proposed as a uniform and precise framework for the specification of access control policies. In modeling Role Based Access Control, the formalism provides a specification of static and dynamic consistency conditions, a uniform treatment of user roles and administrative roles, and a symmetric treatment of user-role assignments and permission-role assignments. A methodology is described to systematically generate conditions to ensure the consistency of the state graph after applying operations on assignments. The uniform framework allows the comparison of different policy models and the precise description of the evolution of a policy, as well as the analysis of the interaction between two policies and the integration of two policies.
(joint work with L.V.Mancini and M.Koch)