Abstract
In this paper we give an operational specification of a meta-model of access control using term rewriting. To demonstrate the expressiveness of the meta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and facilitates the process of proving properties of access control policies.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bertolissi, C., Fernández, M. (2010). Category-Based Authorisation Models: Operational Semantics and Expressive Power. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_11
DOI: https://doi.org/10.1007/978-3-642-11747-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11746-6
Online ISBN: 978-3-642-11747-3
eBook Packages: Computer Science (R0)