Category-Based Authorisation Models: Operational Semantics and Expressive Power

In this paper we give an operational specification of a meta-model of access control using term rewriting. To demonstrate the expressiveness of the meta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and facilitates the process of proving properties of access control policies.
