On the complexity of role updating feasibility problem in RBAC

• Published in: Information processing letters Vol. 114; no. 11; pp. 597 - 602
• Main Authors: Lu, Jianfeng, Xu, Dewu, Jin, Lei, Han, Jianmin, Peng, Hao
• Format: Journal Article
• Language: English
• Published: Amsterdam Elsevier B.V 01.11.2014; Elsevier Sequoia S.A
• Subjects: Access control; Complexity; Complexity theory; Computation; Computational complexity; Control systems; Data processing; Evolution; Feasibility; Feasibility studies; Mathematical problems; Role based access control; Role updating feasibility problem; Role updating feasibility problem; Computational complexity; Role based access control
• ISSN: 0020-0190; 1872-6119
• DOI: 10.1016/j.ipl.2014.06.003

In Role Based Access Control (RBAC) systems, it is necessary and important to update the role–permission assignments in order to reflect the evolutions of the system transactions. However, role updating is generally complex and challenging, especially for large-scale RBAC systems. This is because the resulting state is usually expected to meet various requirements and constraints. In this paper, we focus on a fundamental problem of role updating in RBAC, which determines whether there exists a valid role–permission assignment, i.e., whether it can satisfy all the requirements of the role updating and without violating any role–capacity or permission–capacity constraint. We formally define such a problem as the Role Updating Feasibility Problem (RUFP), and study the computational complexity of RUFP in different subcases. Our results show that although several subcases are solvable in linear time, this problem is NP-complete in the general case. •We define RUFP to determine whether there exists a valid RP assignment.•Several subcases of RUFP are solvable in linear time.•RUFP is intractable (NP-complete) in the general case.