A relational database integrity framework for access control policies

Access control is one of the most common and versatile mechanisms used to enforce information systems security. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 1990s, several access control models have been studied in the literature. An access control policy is an instance of a model: it defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect high-level organizational requirements. First-order logic has been advocated for some time as a suitable framework for access control models, and many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to well-founded and generic enforcement procedures. We therefore make a clear distinction by proposing a logical framework that focuses primarily on constraints, while keeping as far as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures to enforce and check constraints. Without requiring any rewriting prior to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between general but hard-to-maintain formalisms and effective but insufficiently general ones.
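The abstract's central idea, a policy as a set of relational facts, model constraints as database integrity constraints, and the reference monitor as a query over the same relations, can be illustrated with a small SQLite script. The following is an added example, not the paper's framework or code: the RBAC instance (users, roles, permissions, a static separation-of-duty pair) is constructed sample data, each constraint is written as a denial query whose result rows are the witnesses of a violation, and those witnesses serve as the administrator's debugging trace. The table names, the `user_perm` view and the constraint names are assumptions of this example.

```python
"""Access control policy as relational facts, constraints as integrity checks.

Added illustration (not the paper's framework): an RBAC policy instance is
stored as relations in SQLite; each model constraint is a denial query whose
result rows are witnesses of a violation; the reference monitor is a query
over the same relations. All data below is constructed sample input.
"""
import sqlite3

SCHEMA = """
CREATE TABLE role (name TEXT PRIMARY KEY);
CREATE TABLE user_role (user_id TEXT, role TEXT);
CREATE TABLE role_perm (role TEXT, perm TEXT);
CREATE TABLE sod (r1 TEXT, r2 TEXT);      -- statically mutually exclusive roles
CREATE VIEW user_perm AS                  -- derived relation used by the monitor
    SELECT ur.user_id, rp.perm
    FROM user_role ur JOIN role_perm rp ON rp.role = ur.role;
"""

# Constructed policy instance: the "basic facts" the decision process uses.
FACTS = {
    "role": [("purchaser",), ("approver",), ("auditor",)],
    "user_role": [("alice", "purchaser"), ("alice", "approver"),
                  ("bob", "approver"), ("carol", "auditor"),
                  ("dave", "manager")],          # 'manager' is never declared
    "role_perm": [("purchaser", "create_order"), ("approver", "approve_order"),
                  ("auditor", "read_ledger")],
    "sod": [("purchaser", "approver")],
}

# Model constraints as denial queries: a non-empty result is a violation,
# and each returned row is a witness an administrator can act on.
CONSTRAINTS = {
    "ssod_mutually_exclusive_roles": """
        SELECT a.user_id, a.role, b.role
        FROM user_role a JOIN user_role b ON a.user_id = b.user_id
        JOIN sod ON sod.r1 = a.role AND sod.r2 = b.role
        ORDER BY 1, 2, 3""",
    "user_role_references_declared_role": """
        SELECT ur.user_id, ur.role FROM user_role ur
        WHERE NOT EXISTS (SELECT 1 FROM role r WHERE r.name = ur.role)
        ORDER BY 1, 2""",
}


def load_policy() -> sqlite3.Connection:
    """Create an in-memory database holding the sample policy."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in FACTS.items():
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({placeholders})", rows)
    return conn


def check_constraints(conn: sqlite3.Connection) -> dict:
    """Evaluate every constraint; map name -> list of witness tuples (empty = satisfied)."""
    return {name: conn.execute(sql).fetchall() for name, sql in CONSTRAINTS.items()}


def decide(conn: sqlite3.Connection, user_id: str, perm: str) -> bool:
    """Reference monitor: grant iff (user, perm) is derivable from the facts."""
    row = conn.execute(
        "SELECT 1 FROM user_perm WHERE user_id = ? AND perm = ?", (user_id, perm)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = load_policy()
    for name, witnesses in check_constraints(db).items():
        status = "OK" if not witnesses else f"VIOLATED, witnesses: {witnesses}"
        print(f"{name}: {status}")
    print("bob/approve_order ->", decide(db, "bob", "approve_order"))
```

Running the script reports that alice violates the separation-of-duty pair and that dave's assignment refers to an undeclared role, each with the exact tuples that cause it, while the monitor keeps answering requests from the same relations. Repairing a violation is then a tuple deletion or insertion on the policy, with no rewriting of the constraints themselves.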
