Policy algebras for access control: the propositional case

Although different organizations operate under different requirements for protecting their data, increasingly there is a need for organizations to connect their computing resources to achieve common goals. The fundamental problem addressed in this paper is to capture the algebra used in composing the access control policies of collaborating organizations. In doing so, we seek a framework that can be viewed at many levels of abstraction (such as abstract vs. explicit, or propositional vs. predicate), is independent of implementation mechanisms and environments, and is expressive enough to model existing practices of policy composition.

The propositional version consists of a syntax in which policies are viewed as abstract symbols, and a semantics in which policies are authorization state transformers, where an authorization state is a collection of (subject, object, access set) triples together with a set of propositions satisfied by them. Syntactic rules are provided to simplify policy expressions without knowing their semantics, thereby supporting algebraic manipulation of uninterpreted policies. Because the algebra is at an abstract level, it can model any policy independently of the language used to implement it. We show how to reason about the completeness, consistency and unambiguity of abstractly specified policies, and about their semantic equivalence.
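The following is an added, executable sketch of the two layers the abstract distinguishes; it is illustrative code written for this page, not the paper's formal definitions. Authorization states are modelled as sets of (subject, object, access) grants plus a set of propositions, atomic policies are interpreted as state transformers, and composite policies are uninterpreted syntax trees on which purely syntactic simplification runs before (and independently of) semantic evaluation. The operator names (`+`, `&`, `-`, `^`), the convention of writing a denial as the access `-a`, the definitions of `consistent` and `complete`, and the `HR`/`AUDIT` sample policies are all assumptions made for the example, not taken from the paper.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple, Union

# One (subject, object, access) decision. The abstract's (subject, object,
# access-set) triple is the set of grants sharing a subject and an object.
# Assumption for this example: a denial is encoded as the access "-<a>".
Grant = Tuple[str, str, str]

@dataclass(frozen=True)
class AuthState:
    grants: FrozenSet[Grant]
    props: FrozenSet[str]            # propositions the state satisfies

    def triples(self) -> FrozenSet[Tuple[str, str, FrozenSet[str]]]:
        """Regroup flat grants into (subject, object, access-set) triples."""
        by_pair: Dict[Tuple[str, str], set] = {}
        for s, o, a in self.grants:
            by_pair.setdefault((s, o), set()).add(a)
        return frozenset((s, o, frozenset(acc)) for (s, o), acc in by_pair.items())

# Policy expressions are uninterpreted syntax: an atom name, the empty policy
# "0", or an operator node. Operator names are assumptions for this example.
Expr = Union[str, Tuple]

def plus(p: Expr, q: Expr) -> Expr:  return ("+", p, q)    # union of grants
def conj(p: Expr, q: Expr) -> Expr:  return ("&", p, q)    # intersection
def minus(p: Expr, q: Expr) -> Expr: return ("-", p, q)    # difference
def scope(p: Expr, prop: str) -> Expr: return ("^", p, prop)  # p only where prop holds

def simplify(e: Expr) -> Expr:
    """Purely syntactic rewriting: idempotence, self-subtraction, empty policy.
    Needs no interpretation of the atoms, as the abstract describes."""
    if isinstance(e, str):
        return e
    op = e[0]
    if op == "^":
        return ("^", simplify(e[1]), e[2])
    p, q = simplify(e[1]), simplify(e[2])
    if op in ("+", "&") and p == q:
        return p
    if op == "-" and p == q:
        return "0"
    if op == "+" and "0" in (p, q):
        return q if p == "0" else p
    if op == "&" and "0" in (p, q):
        return "0"
    if op == "-" and q == "0":
        return p
    if op == "-" and p == "0":
        return "0"
    return (op, p, q)

Interp = Dict[str, Callable[[AuthState], AuthState]]

def evaluate(e: Expr, state: AuthState, interp: Interp) -> AuthState:
    """Semantics: every expression denotes an authorization state transformer.
    Assumption: the propositions are carried through unchanged."""
    if e == "0":
        return AuthState(frozenset(), state.props)
    if isinstance(e, str):
        return interp[e](state)
    op = e[0]
    if op == "^":
        inner = evaluate(e[1], state, interp)
        return inner if e[2] in state.props else AuthState(frozenset(), state.props)
    a, b = evaluate(e[1], state, interp), evaluate(e[2], state, interp)
    combined = {"+": a.grants | b.grants,
                "&": a.grants & b.grants,
                "-": a.grants - b.grants}[op]
    return AuthState(combined, state.props)

def consistent(state: AuthState) -> bool:
    """No access is both granted and denied for the same subject/object."""
    return not any((s, o, "-" + a) in state.grants
                   for s, o, a in state.grants if not a.startswith("-"))

def complete(state: AuthState, universe: FrozenSet[Grant]) -> bool:
    """Every (subject, object, access) of interest is decided one way or the other."""
    return all((s, o, a) in state.grants or (s, o, "-" + a) in state.grants
               for s, o, a in universe)

def equivalent(e1: Expr, e2: Expr, states, interp: Interp) -> bool:
    """Semantic equivalence, checked on the supplied sample states."""
    return all(evaluate(e1, s, interp).grants == evaluate(e2, s, interp).grants
               for s in states)

# Constructed sample atomic policies of two collaborating units.
def hr(state: AuthState) -> AuthState:
    return AuthState(frozenset({("alice", "payroll", "read"),
                                ("alice", "payroll", "write"),
                                ("bob", "payroll", "read")}), state.props)

def audit(state: AuthState) -> AuthState:
    return AuthState(frozenset({("bob", "payroll", "read"),
                                ("alice", "payroll", "-write")}), state.props)

INTERP: Interp = {"HR": hr, "AUDIT": audit}

def demo() -> dict:
    state = AuthState(frozenset(), frozenset({"audit_active"}))
    both = evaluate(plus("HR", "AUDIT"), state, INTERP)        # naive union: conflict on alice/write
    scoped = evaluate(plus("HR", scope("AUDIT", "lockdown")), state, INTERP)  # "lockdown" not satisfied
    e = conj(plus("HR", "HR"), "HR")                            # syntactically reducible to HR
    return {
        "both_consistent": consistent(both),
        "scoped_consistent": consistent(scoped),
        "simplified": simplify(e),
        "equiv": equivalent(e, simplify(e), [state], INTERP),
        "complete": complete(scoped, frozenset({("alice", "payroll", "read"),
                                                ("bob", "payroll", "write")})),
    }

if __name__ == "__main__":
    print(demo())
```

The union of the two sample policies is inconsistent (alice is both granted and denied `write` on `payroll`), the scoped composition is consistent but incomplete (bob's `write` on `payroll` is never decided), and `(HR + HR) & HR` collapses to `HR` by syntax alone, which `equivalent` then confirms semantically. Note that `equivalent` is a check on sample states, not a proof; the paper's point is that the syntactic rules give equivalences that hold for every interpretation.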
