RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
Role-Based Access Control (RBAC) has been widely used for expressing
access control policies. Administrative Role-Based Access Control (ARBAC)
specifies how an RBAC policy may be changed by each administrator.
Because sequences of changes by different administrators may interact in
unintended ways, it is often difficult to fully understand the effect of
an ARBAC policy by simple inspection. This paper presents RBAC-PAT, a
tool for analyzing RBAC and ARBAC policies, which supports analysis of
various properties including reachability, availability, containment,
weakest precondition, dead roles, and information flows.