An Efficient Framework for User Authorization Queries in RBAC Systems
The User Authorization Query (UAQ) Problem for RBAC, introduced by Zhang and Joshi, is to determine the set of roles to be activated in a single session for a particular set of permissions requested by the user. This set of roles must satisfy constraints that prevent certain combinations of roles to be activated in one session, and should follow the least privilege principle. The authors show that the existing approach to the UAQ problem is inadequate, and propose two approaches for solving the UAQ problem. In the first approach, they develop algorithms that use the backtracking-based search techniques developed in the artificial intelligence community. In the second approach, they reduce the problem to the MAXSAT problem which can be solved using available SAT solvers.