{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T01:05:48Z","timestamp":1773450348094,"version":"3.50.1"},"reference-count":60,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,11,9]],"date-time":"2024-11-09T00:00:00Z","timestamp":1731110400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"\n As systems evolve, security administrators need to review and update access control policies. Such updates must be carefully controlled due to the risks associated with erroneous or malicious policy changes. We propose a category-based access control (CBAC) model, called\n Admin-CBAC<\/jats:italic>\n , to control administrative actions. Since most of the access control models in use nowadays (including the popular RBAC and ABAC models) are instances of CBAC, from\n Admin-CBAC<\/jats:italic>\n , we derive administrative models for RBAC and ABAC, too. We present a graph-based representation of\n Admin-CBAC<\/jats:italic>\n policies and a formal operational semantics for administrative actions via graph rewriting. We also discuss implementations of\n Admin-CBAC<\/jats:italic>\n exploiting the graph-based representation. Using the formal semantics, we show how properties (such as safety, liveness, and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and\n ABAC<\/jats:italic>\n \u03b1<\/jats:sub>\n .\n <\/jats:p>","DOI":"10.1145\/3698199","type":"journal-article","created":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T11:11:32Z","timestamp":1727521892000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Category-Based Administrative Access Control Policies"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9283-1386","authenticated-orcid":false,"given":"Clara","family":"Bertolissi","sequence":"first","affiliation":[{"name":"CNRS, LIS, Aix-Marseille Universit\u00e9, Marseille, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8325-5815","authenticated-orcid":false,"given":"Maribel","family":"Fernandez","sequence":"additional","affiliation":[{"name":"Department of Informatics, King's College London, London, United Kingdom of Great Britain and Northern Ireland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4653-2080","authenticated-orcid":false,"given":"Bhavani","family":"Thuraisingham","sequence":"additional","affiliation":[{"name":"Department of Computer Science, The University of Texas at Dallas, Richardson, United States"}]}],"member":"320","published-online":{"date-parts":[[2024,11,9]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64701-2_19"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2016.10.018"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/IRI49571.2020.00076"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3216297"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3445969.3450428"},{"key":"e_1_3_2_7_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1007\/978-3-319-95729-6_7","volume-title":"DBSec\u201918","author":"Argento L.","year":"2018","unstructured":"L. Argento, A. Margheri, F. Paci, V. Sassone, and N. Zannone. 2018. Towards adaptive access control. In DBSec\u201918(Lecture Notes in Computer Science, Vol. 10980). Springer, 99\u2013109."},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/978-3-642-22444-7_2","volume-title":"Security and Trust Management","author":"Armando A.","year":"2011","unstructured":"A. Armando and S. Ranise. 2011. Automated symbolic analysis of ARBAC-policies. In Security and Trust Management, J. Cuellar, J. Lopez, G. Barthe, and A. Pretschner (Eds.). Springer, Berlin, 17\u201334."},{"key":"e_1_3_2_9_2","volume-title":"Social Cognition: An Integrated Introduction","author":"Augoustinos M.","year":"2014","unstructured":"M. Augoustinos, I. Walker, and N. Donaghue. 2014. Social Cognition: An Integrated Introduction. Sage."},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-45784-5_12"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3643650.3658608"},{"key":"e_1_3_2_12_2","first-page":"187","volume-title":"SACMAT\u201909","author":"Barker S.","year":"2009","unstructured":"S. Barker. 2009. The next 700 access control models or a unifying meta-model? In SACMAT\u201909. ACM Press, New York, 187\u2013196."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/1410234.1410235"},{"issue":"4","key":"e_1_3_2_14_2","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1145\/950191.950194","article-title":"Flexible access control policy specification with constraint logic programming","volume":"6","author":"Barker S.","year":"2003","unstructured":"S. Barker and P. Stuckey. 2003. Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secur. 6, 4 (2003), 501\u2013546.","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"e_1_3_2_15_2","first-page":"140","volume-title":"ESSOS\u201910 (LNCS)","author":"Bertolissi C.","year":"2010","unstructured":"C. Bertolissi and M. Fern\u00e1ndez. 2010. Category-based authorisation models: Operational semantics and expressive power. In ESSOS\u201910 (LNCS). Vol. 5965, Springer, Berlin, 140\u2013156."},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2014.07.009"},{"key":"e_1_3_2_17_2","volume-title":"DBSEC\u201907 (LNCS)","author":"Bertolissi C.","year":"2007","unstructured":"C. Bertolissi, M. Fern\u00e1ndez, and S. Barker. 2007. Dynamic event-based access control as term rewriting. In DBSEC\u201907 (LNCS). Vol. 4602, Springer, Berlin."},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375725"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3422337.3447850"},{"key":"e_1_3_2_20_2","first-page":"62","volume-title":"PPDP\u201916","author":"Bertolissi C.","year":"2016","unstructured":"C. Bertolissi, J.-M. Talbot, and D. Villevalois. 2016. Analysis of access control policy updates through narrowing. In PPDP\u201916. ACM, New York, 62\u201375."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2013.23"},{"key":"e_1_3_2_22_2","unstructured":"A. Boulahbal. 2021. Implementation of CBAC Administrative Policies. Final Year Project King\u2019s College London."},{"key":"e_1_3_2_23_2","first-page":"193","volume-title":"Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics","author":"Courcelle B.","year":"1990","unstructured":"B. Courcelle. 1990. Graph rewriting: An algebraic and logic approach. In Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics, J. van Leeuwen (Ed.). Elsevier and MIT Press, 193\u2013242."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/762476.762478"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377852"},{"key":"e_1_3_2_26_2","series-title":"Electron. Proc. Theor. Comput. Sci.","first-page":"33","volume-title":"TERMGRAPH\u201914","author":"Eguchi N.","year":"2014","unstructured":"N. Eguchi. 2014. Complexity analysis of precedence terminating infinite graph rewrite systems. In TERMGRAPH\u201914(Electron. Proc. Theor. Comput. Sci., Vol. 183). 33\u201347. https:\/\/cgi.cse.unsw.edu.au\/eptcs\/paper.cgi?TERMGRAPH2014.3"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1142\/4180"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1017\/S0960129518000270"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","unstructured":"M. Fern\u00e1ndez and I. Mackie. 2024. Hierarchical higher-order port-graphs: A rewriting-based modelling language. In PPDP\u201924. ACM New York NY USA. DOI:10.1145\/3678232.3678238","DOI":"10.1145\/3678232.3678238"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300033"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300834"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062502"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46298-1_21"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_3_2_35_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4939-9102-0","volume-title":"Modeling Biomolecular Site Dynamics, Methods and Protocols","author":"Hlavacek W. S.","year":"2019","unstructured":"W. S. Hlavacek (Ed.). 2019. Modeling Biomolecular Site Dynamics, Methods and Protocols. Springer."},{"key":"e_1_3_2_36_2","volume-title":"Guide to Attribute Based Access Control (ABAC) Definitions and Considerations.","author":"Hu V. C.","year":"2014","unstructured":"V. C. Hu, D. Ferraiolo, R. Kuhn, A. Schnitzer, K. Sandlin, R. Miller, and K. Scarfone. 2014. Guide to Attribute Based Access Control (ABAC) Definitions and Considerations.NIST Special Publication 800-162."},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/CIC.2016.022"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2018.5010"},{"key":"e_1_3_2_39_2","first-page":"41","volume-title":"DBSec\u201912","author":"Jin X.","year":"2012","unstructured":"X. Jin, R. Krishnan, and R. Sandhu. 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In DBSec\u201912. Springer, Berlin, 41\u201355."},{"key":"e_1_3_2_40_2","first-page":"120","volume-title":"POLICY\u201903","author":"Kalam A. A. E.","year":"2003","unstructured":"A. A. E. Kalam, R. E. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel, and G. Trouessin. 2003. Organization based access control. In POLICY\u201903. IEEE Press, 120\u2013131."},{"key":"e_1_3_2_41_2","unstructured":"A. Kiani. 2022. Implementation of CBAC Administrative Policies. Final Year Project King\u2019s College London."},{"key":"e_1_3_2_42_2","first-page":"129","volume-title":"SACMAT\u201904","author":"Koch M.","year":"2004","unstructured":"M. Koch, L. Mancini, and F. Parisi-Presicce. 2004. A graph based formalism for RBAC. In SACMAT\u201904. 129\u2013187."},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/373256.373280"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/1229285.1229305"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3322431.3325416"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17146-8_10"},{"key":"e_1_3_2_47_2","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1007\/978-3-031-65175-5_26","volume-title":"ICT Systems Security and Privacy Protection","author":"Obrezkov Denis","year":"2024","unstructured":"Denis Obrezkov. 2024. Cognition behind access control: Usability comparison of rule- and category-based mechanisms. In ICT Systems Security and Privacy Protection, Nikolaos Pitropakis, Sokratis Katsikas, Steven Furnell, and Konstantinos Markantonakis (Eds.). Springer Nature Switzerland, Cham, 367\u2013380."},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-57540-2_1"},{"issue":"3","key":"e_1_3_2_49_2","doi-asserted-by":"crossref","first-page":"1265","DOI":"10.1111\/j.1467-8659.2012.03119.x","article-title":"PORGY: A visual graph rewriting environment for complex systems","volume":"31","author":"Pinaud B.","year":"2012","unstructured":"B. Pinaud, G. Melan\u00e7on, and J. Dubois. 2012. PORGY: A visual graph rewriting environment for complex systems. Comput. Graph.Forum 31, 3 (2012), 1265\u20131274.","journal-title":"Comput. Graph.Forum"},{"key":"e_1_3_2_50_2","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1007\/978-3-642-03564-7_6","volume-title":"Algebraic Informatics","author":"Plump Detlef","year":"2009","unstructured":"Detlef Plump. 2009. The graph programming language GP. In Algebraic Informatics, Symeon Bozapalidis and George Rahonis (Eds.). Springer Berlin, 99\u2013122."},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.4204\/eptcs.225.6"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-75396-6_13"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2427834"},{"key":"e_1_3_2_54_2","doi-asserted-by":"crossref","first-page":"479","DOI":"10.1007\/978-3-540-25959-6_40","volume-title":"Applications of Graph Transformations with Industrial Relevance","author":"Rensink A.","year":"2004","unstructured":"A. Rensink. 2004. The GROOVE simulator: A tool for state space generation. In Applications of Graph Transformations with Industrial Relevance, John L. Pfaltz, Manfred Nagl, and Boris B\u00f6hlen (Eds.). Springer, 479\u2013485."},{"key":"e_1_3_2_55_2","volume-title":"Graph Databases","author":"Robinson I.","year":"2013","unstructured":"I. Robinson, J. Webber, and E. Eifr\u00e9m. 2013. Graph Databases. O\u2019Reilly Media."},{"key":"e_1_3_2_56_2","doi-asserted-by":"crossref","DOI":"10.1142\/3303","volume-title":"Handbook of Graph Grammars and Computing by Graph Transformations, Volume 1: Foundations","author":"Rozenberg G.","year":"1997","unstructured":"G. Rozenberg (Ed.). 1997. Handbook of Graph Grammars and Computing by Graph Transformations, Volume 1: Foundations. World Scientific."},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300839"},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510547.3517921"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.5220\/0011272400003283"},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.4204\/eptcs.288.5"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852694"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3698199","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3698199","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:18Z","timestamp":1750295838000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3698199"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,9]]},"references-count":60,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3698199"],"URL":"https:\/\/doi.org\/10.1145\/3698199","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,9]]},"assertion":[{"value":"2023-09-29","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-08-26","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}