论文信息 - A Rule-based Approach to the Decidability of Safety of ABACα

A Rule-based Approach to the Decidability of Safety of ABACα

ABACα is a foundational model for attribute-based access control with a minimal set of capabilities to configure many access control models of interest, including the dominant traditional ones: discretionary (DAC), mandatory (MAC), and role-based (RBAC). A fundamental security problem in the design of ABAC is to ensure safety, that is, to guarantee that a certain subject can never gain certain permissions to access certain object(s). We propose a rule-based specification of ABACα and of its configurations, and the semantic framework of ρLog to turn this specification into executable code for the operational model of ABACα. Next, we identify some important properties of the operational model which allow us to define a rule-based algorithm for the safety problem, and to execute it with ρLog. The outcome is a practical tool to check safety of ABACα configurations. ρLog is a system for rule-based programming with strategies and built-in support for constraint logic programming (CLP). We argue that ρLog is an adequate framework for the specification and verification of safety of ABACα configurations. In particular, the authorization policies of ABACα can be interpreted properly by the CLP component of ρLog, and the operations of its functional specification can be described by five strategies defined by conditional rewrite rules.

[1] Ravi Sandhu,et al. Safety of ABAC α Is Decidable , 2017 .

[2] Temur Kutsia,et al. Foundations of the rule-based system ρLog , 2006, J. Appl. Non Class. Logics.

[3] Ravi S. Sandhu,et al. Safety Decidability for Pre-Authorization Usage Control with Finite Attribute Domains , 2016, IEEE Transactions on Dependable and Secure Computing.

[4] Ravi S. Sandhu,et al. Safety of ABAC _\alpha Is Decidable , 2017, NSS.

[5] Xin Jin,et al. Attribute-based access control models and implementation in cloud infrastructure as a service , 2014 .

[6] Temur Kutsia,et al. Solving equations with sequence variables and sequence functions , 2007, J. Symb. Comput..

[7] Tetsuo Ida,et al. Rule-based programming with /spl rho/Log , 2005, Seventh International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC'05).

[8] Stephen Wolfram,et al. The Mathematica Book , 1996 .

[9] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.

[10] Xin Jin,et al. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC , 2012, DBSec.

[11] Temur Kutsia,et al. Solving Equations Involving Sequence Variables and Sequence Functions , 2004, AISC.

[12] Jaehong Park,et al. The UCONABC usage control model , 2004, TSEC.