ABSTRACT
Access control has been proposed as "the" solution to prevent unauthorized accesses to sensitive system resources. Historically, access control models use a two-valued decision set to indicate whether an access should be granted or denied. Many access control models have extended the two-valued decision set to indicate, for instance, whether a policy is applicable to an access query or an error occurred during policy evaluation. Decision sets are often coupled with operators for combining decisions from multiple applicable policies. Although a larger decision set is more expressive, it may be necessary to reduce it to a smaller set in order to reduce the complexity of decision making or to enable comparison between access control models. Moreover, some access control mechanisms, such as XACML v3, use more than one decision set. The projection from one decision set to the other may result in a loss of accuracy, which can affect the final access decision. In this paper, we present a formal framework for the analysis and comparison of decision sets centered on the notion of decision reduction. In particular, we introduce the notion of safe reduction, which ensures that a reduction can be performed at any level of policy composition without changing the final decision. We demonstrate the framework by analyzing XACML v3 against the notion of safe reduction. From this analysis, we draw guidelines for the selection of the minimal decision set with respect to a given set of combining operators.
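The following is an added illustration, not code or definitions from the paper: it checks whether a reduction of the XACML v3 extended decision set can be applied before combining without changing the reduced result of the deny-overrides operator. Assumptions: "safe" is read here as "operands that reduce to the same values always combine to results that reduce to the same value", `deny_overrides` follows the XACML v3 deny-overrides combining algorithm restricted to two operands, and all function names are hypothetical.

```python
from itertools import product

P, D, NA = "Permit", "Deny", "NotApplicable"
IP, ID, IDP = "Indeterminate{P}", "Indeterminate{D}", "Indeterminate{DP}"
EXTENDED = [P, D, NA, IP, ID, IDP]  # XACML v3 extended decision set

def deny_overrides(a, b):
    """XACML v3 deny-overrides, restricted to two operands."""
    ds = {a, b}
    if D in ds:
        return D
    if IDP in ds or (ID in ds and (IP in ds or P in ds)):
        return IDP
    for d in (ID, P, IP):          # remaining precedence order
        if d in ds:
            return d
    return NA

def collapse_indeterminate(d):
    """Six values -> four: all Indeterminate variants become one."""
    return "Indeterminate" if d.startswith("Indeterminate") else d

def definite_deny(d):
    """Six values -> two: only 'is this a definite Deny?' survives."""
    return D if d == D else "NotDeny"

def unsafe_witnesses(op, reduce, decisions=EXTENDED):
    """Pairs of operand tuples that look identical after reduction but
    whose combined results reduce differently (assumed safety criterion)."""
    seen, witnesses = {}, []
    for a, b in product(decisions, repeat=2):
        key, out = (reduce(a), reduce(b)), reduce(op(a, b))
        first_out, first_pair = seen.setdefault(key, (out, (a, b)))
        if first_out != out:
            witnesses.append((first_pair, (a, b)))
    return witnesses

if __name__ == "__main__":
    for r in (collapse_indeterminate, definite_deny):
        w = unsafe_witnesses(deny_overrides, r)
        print(r.__name__, "safe" if not w else f"unsafe, e.g. {w[0]}")
```

Under this criterion, collapsing the three Indeterminate values early loses the distinction that decides whether a Permit survives: Permit combined with Indeterminate{P} yields Permit, while Permit combined with Indeterminate{D} yields Indeterminate{DP}.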
Index Terms
- Reduction of access control decisions