Specification and Analysis of Dynamic Authorisation Policies

This paper presents a language, based on transaction logic, for specifying dynamic authorisation policies, i.e., rules governing actions that may depend on and update the authorisation state. The language is more expressive than previous dynamic authorisation languages, featuring conditional bulk insertions and retractions of authorisation facts, non-monotonic negation, and nested action definitions with transactional execution semantics. Two complementary policy analysis methods are also presented, one based on AI planning for verifying reachability properties in finite domains, and the second based on automated theorem proving, for checking policy invariants that hold for all sequences of actions and in arbitrary, including infinite, domains. The combination of both methods can analyse a wide range of security properties, including safety, availability and containment.
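The abstract lists four ingredients (bulk retraction, non-monotonic negation, nested transactional actions, and planning-based reachability analysis) without showing what they look like together. The following Python model is an added illustration, not code from the paper: authorisation facts are tuples, each action maps a state to a new state or aborts, and a bounded breadth-first search over grounded actions plays the role of the finite-domain planner. The policy rules, the `add_conflict` flaw, the separation-of-duty property and the single-user domain are all constructed assumptions, chosen so that the search finds a short sequence of actions that breaks the invariant and, for a hardened variant, proves none exists within the depth bound.

```python
"""Toy dynamic authorisation policy (constructed example, not the paper's language).
Facts are tuples; actions map a state to a new state or raise ActionFailed."""
from collections import deque
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Fact = Tuple[str, ...]
State = FrozenSet[Fact]
Policy = Dict[str, Tuple[Callable, Tuple[str, ...]]]


class ActionFailed(Exception):
    """A precondition failed; the whole (possibly nested) action aborts."""


def matches(state: State, *pattern) -> List[Fact]:
    """Facts matching a pattern; None is a wildcard."""
    return [f for f in state if len(f) == len(pattern)
            and all(p is None or p == v for p, v in zip(pattern, f))]


def conflicts(state: State, r1: str, r2: str) -> bool:
    return ("conflict", r1, r2) in state or ("conflict", r2, r1) in state


def assign(state: State, user: str, role: str) -> State:
    """Insert role(user, role) unless the user holds a conflicting role.
    The 'unless' is non-monotonic negation, evaluated on the current state."""
    if ("user", user) not in state:
        raise ActionFailed(f"unknown user {user}")
    for _, _, held in matches(state, "role", user, None):
        if conflicts(state, held, role):
            raise ActionFailed(f"{role} conflicts with {held}")
    return state | {("role", user, role)}


def revoke_all(state: State, role: str) -> State:
    """Bulk retraction: drop role(U, role) for every U that holds it."""
    return state - frozenset(matches(state, "role", None, role))


def transfer(state: State, user: str, old: str, new: str) -> State:
    """Nested action: retract old, then assign new. If assign aborts the
    retraction is discarded as well, so the caller keeps the original state."""
    return assign(state - {("role", user, old)}, user, new)


def drop_conflict(state: State, r1: str, r2: str) -> State:
    if not conflicts(state, r1, r2):
        raise ActionFailed("no such conflict")
    return state - {("conflict", r1, r2), ("conflict", r2, r1)}


def add_conflict(state: State, r1: str, r2: str) -> State:
    """Flawed on purpose: never checks whether a user already holds both roles."""
    if r1 == r2 or conflicts(state, r1, r2):
        raise ActionFailed("invalid or duplicate conflict")
    return state | {("conflict", r1, r2)}


def add_conflict_checked(state: State, r1: str, r2: str) -> State:
    """Hardened variant: refuse a conflict that an existing assignment violates."""
    for _, user, _ in matches(state, "role", None, r1):
        if ("role", user, r2) in state:
            raise ActionFailed(f"{user} already holds {r1} and {r2}")
    return add_conflict(state, r1, r2)


def commit(state: State, action: Callable, *args) -> Tuple[bool, State]:
    """Transactional wrapper: on abort the original state is returned unchanged."""
    try:
        return True, action(state, *args)
    except ActionFailed:
        return False, state


def sod_violated(state: State) -> bool:
    """Safety property: no user holds two roles that are declared to conflict."""
    for _, user, r1 in matches(state, "role", None, None):
        for _, _, r2 in matches(state, "role", user, None):
            if r1 != r2 and conflicts(state, r1, r2):
                return True
    return False


def reachable(start: State, policy: Policy, domain: Dict[str, List[str]],
              goal: Callable[[State], bool], max_depth: int = 6) -> Optional[List[Tuple]]:
    """Breadth-first search over grounded actions (planning-style reachability on
    a finite domain). Returns a shortest action sequence reaching goal, or None."""
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, plan = queue.popleft()
        if goal(state):
            return plan
        if len(plan) >= max_depth:
            continue
        for name, (fn, params) in policy.items():
            for args in product(*(domain[p] for p in params)):
                ok, nxt = commit(state, fn, *args)
                if ok and nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, plan + [(name, *args)]))
    return None


# Constructed finite domain and initial authorisation state.
DOMAIN = {"user": ["alice"], "role": ["submitter", "approver"]}
START: State = frozenset({("user", "alice"), ("conflict", "submitter", "approver")})
FLAWED: Policy = {"assign": (assign, ("user", "role")),
                  "revoke_all": (revoke_all, ("role",)),
                  "transfer": (transfer, ("user", "role", "role")),
                  "drop_conflict": (drop_conflict, ("role", "role")),
                  "add_conflict": (add_conflict, ("role", "role"))}
HARDENED: Policy = {**FLAWED, "add_conflict": (add_conflict_checked, ("role", "role"))}

if __name__ == "__main__":
    print("flawed policy, SoD violation plan:", reachable(START, FLAWED, DOMAIN, sod_violated))
    print("hardened policy, SoD violation plan:", reachable(START, HARDENED, DOMAIN, sod_violated))
```

Because states are immutable, rolling back a failed nested action costs nothing: `transfer` simply never returns the intermediate state in which the old role was already retracted. Against a mutable fact store the same semantics would need an explicit undo log. The search is only a reachability check over one small domain, which is why the abstract pairs it with theorem proving for invariants that must hold over every domain; the hardened `add_conflict_checked` illustrates the kind of precondition such an invariant proof would demand.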
