A logical framework for reasoning about access control models

Published: 01 February 2003

Abstract

The increased awareness of the importance of data protection has made access control a relevant component of current data management systems. Moreover, emerging applications and data models call for flexible and expressive access control models. This has led to an extensive research activity that has resulted in the definition of a variety of access control models that differ greatly with respect to the access control policies they support. Thus, the need arises for developing tools for reasoning about the characteristics of these models. These tools should support users in the tasks of model specification, analysis of model properties, and authorization management. For example, they must be able to identify inconsistencies in the model specification and must support the administrator in comparing the expressive power of different models. In this paper, we make a first step in this direction by proposing a formal framework for reasoning about access control models. The framework we propose is based on a logical formalism and is general enough to model discretionary, mandatory, and role-based access control models. Each instance of the proposed framework corresponds to a C-Datalog program, interpreted according to a stable model semantics. In the paper, besides giving the syntax and the formal semantics of our framework, we show some examples of its application. Additionally, we present a number of dimensions along which access control models can be analyzed and compared. For each dimension, we show decidability results and we present some examples of its application.
