Skip to main content
SpringerLink
Log in

Category-Based Authorisation Models: Operational Semantics and Expressive Power

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5965))

Included in the following conference series:

Abstract

In this paper we give an operational specification of a meta-model of access control using term rewriting. To demonstrate the expressiveness of the meta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and facilitates the process of proving properties of access control policies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Burrows, M., Lampson, B.W., Plotkin, G.D.: A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst. 15(4), 706–734 (1993)

    Article  Google Scholar 

  2. ANSI. RBAC, INCITS 359-2004 (2004)

    Google Scholar 

  3. Baader, F., Nipkow, T.: Term rewriting and all that. Cambridge University Press, Great Britain (1998)

    Google Scholar 

  4. Barker, S.: The next 700 access control models or a unifying meta-model? In: Proceedings of the ACM Int. Conf. SACMAT 2009, pp. 187–196. ACM Press, New York (2009)

    Google Scholar 

  5. Barker, S., Fernández, M.: Term rewriting for access control. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 179–193. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Barthe, G., Dufay, G., Huisman, M., Melo de Sousa, S.: Jakarta: a toolset to reason about the JavaCard platform. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, p. 2. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  7. Bell, D.E., LaPadula, L.J.: Secure computer system: Unified exposition and multics interpretation. MITRE-2997 (1976)

    Google Scholar 

  8. Bertolissi, C., Fernández, M.: Time and location based services with access control. In: Proceedings of the 2nd IFIP International Conference on New Technologies, Mobility and Security. IEEEXplore (2008)

    Google Scholar 

  9. Bertolissi, C., Fernández, M., Barker, S.: Dynamic event-based access control as term rewriting. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 195–210. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  10. Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: The Maude 2.0 system. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 76–87. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Echahed, R., Prost, F.: Security policy in a declarative style. In: Proc. 7th ACM-SIGPLAN Symposium on Principles and Practice of Declarative Programming (PPDP 2005). ACM Press, New York (2005)

    Google Scholar 

  12. Fernández, M., Jouannaud, J.-P.: Modular termination of term rewriting systems revisited. In: Reggio, G., Astesiano, E., Tarlecki, A. (eds.) Abstract Data Types 1994 and COMPASS 1994. LNCS, vol. 906. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  13. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.I., Richard Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM TISSEC 4(3), 224–274 (2001)

    Article  Google Scholar 

  14. Jajodia, S., Samarati, P., Sapino, M., Subrahmaninan, V.S.: Flexible support for multiple access control policies. ACM TODS 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  15. Joshi, J., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE Trans. Knowl. Data Eng. 17(1), 4–23 (2005)

    Article  Google Scholar 

  16. Klop, J.-W., van Oostrom, V., van Raamsdonk, F.: Combinatory reduction systems, introduction and survey. Theoretical Computer Science 121, 279–308 (1993)

    Article  MATH  MathSciNet  Google Scholar 

  17. Koch, M., Mancini, L., Parisi-Presicce, F.: A graph based formalism for rbac. In: SACMAT, pp. 129–187 (2004)

    Google Scholar 

  18. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: IEEE Symposium on Security and Privacy, pp. 114–130 (2002)

    Google Scholar 

  19. Liau, C.-J.: Belief, information acquisition, and trust in multi-agent systems–a modal logic formulation. Artif. Intell. 149(1), 31–60 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  20. Newman, M.H.A.: On theories with a combinatorial definition of equivalence. Annals of Mathematics 43(2), 223–243 (1942)

    Article  MathSciNet  Google Scholar 

  21. Department of Defense. Trusted computer system evaluation criteria (1983); DoD 5200.28-STD

    Google Scholar 

  22. Sandhu, R.S., Munawer, Q.: How to do discretionary access control using roles. In: ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)

    Google Scholar 

  23. Santana de Oliveira, A.: Rewriting-based access control policies. In: Proceedings of SECRET 2006, Venice, Italy. Electronic Notes in Theoretical Computer Science. Elsevier, Amsterdam (2007) (to appear)

    Google Scholar 

  24. Weitzner, D.J., Hendler, J., Berners-Lee, T., Connolly, D.: Creating a policy-aware web: Discretionary, rule-based access for the world wide web. In: Web and Information Security (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LIF, Université de Provence, Marseille, France

    Clara Bertolissi

  2. Dept. of Computer Science, King’s College London, London, WC2R 2LS, U.K.

    Maribel Fernández

Authors
  1. Clara Bertolissi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maribel Fernández
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento Ingegneria e Scienza dell’Informazione, Università di Trento, Via Sommarive 14, 38050, Povo (Trento), Italy

    Fabio Massacci

  2. Department of Computer Science, Rice University, 3122 Duncan Hall, 6100 Main Street, TX 77005, Houston, USA

    Dan Wallach

  3. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Den Dolech 2, 5612, Eindhoven, AZ, The Netherlands

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bertolissi, C., Fernández, M. (2010). Category-Based Authorisation Models: Operational Semantics and Expressive Power. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11747-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11746-6

  • Online ISBN: 978-3-642-11747-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation