The next 700 access control models or a unifying meta-model?

We address some fundamental questions, raised by Atluri and Ferraiolo at SACMAT'08, on the prospects for and benefits of a meta-model of access control. We demonstrate that a meta-model for access control can be defined and that multiple access control models can be derived as special cases. An anticipated consequence of the contribution that we describe is to encourage researchers to adopt a meta-model view of access control rather than developing the next 700 particular instances of access control models.

[1] Ramaswamy Chandramouli, et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms, 2001, ACM Trans. Inf. Syst. Secur.

[2] Chitta Baral, et al. Logic Programming and Knowledge Representation, 1994, J. Log. Program.

[3] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[4] Tim Berners-Lee, et al. Creating a Policy-Aware Web: Discretionary, Rule-Based Access for the World Wide Web, 2008.

[5] Ronald L. Rivest, et al. Certificate Chain Discovery in SPKI/SDSI, 2002, J. Comput. Secur.

[6] Churn-Jung Liau, et al. Belief, information acquisition, and trust in multi-agent systems--A modal logic formulation, 2003, Artif. Intell.

[7] John W. Lloyd, et al. A Completeness Theorem for SLDNF Resolution, 1989, J. Log. Program.

[8] Gerd Wagner, et al. Design Rationale for RuleML: A Markup Language for Semantic Web Rules, 2001, SWWS.

[9] Elisa Bertino, et al. An access control model supporting periodicity constraints and temporal reasoning, 1998, TODS.

[10] P. J. Landin, et al. The next 700 programming languages, 1966, CACM.

[11] Andreas Matheus, et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML), 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[12] Andrew D. Gordon, et al. Design and Semantics of a Decentralized Authorization Language, 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[13] Samir Genaim, et al. Inferring termination conditions for logic programs using backwards analysis, 2001, Theory and Practice of Logic Programming.

[14] Ninghui Li, et al. Design of a role-based trust-management framework, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[15] Peter J. Stuckey, et al. Flexible access control policy specification with constraint logic programming, 2003, TSEC.

[16] Duminda Wijesekera, et al. Status-Based Access Control, 2008, TSEC.

[17] Elisa Bertino, et al. A generalized temporal role-based access control model, 2005, IEEE Transactions on Knowledge and Data Engineering.

[18] Vijayalakshmi Atluri, et al. A meta model for access control: why is it needed and is it even possible to achieve?, 2008, SACMAT '08.

[19] Ravi S. Sandhu, et al. How to do discretionary access control using roles, 1998, RBAC '98.

[20] Sushil Jajodia, et al. Flexible support for multiple access control policies, 2001, TODS.