Logical Method for Reasoning About Access Control and Data Flow Control Models
Abstract
Some logic definitions for access control and data flow control models are proposed. A formalization of the concepts of confidentiality and integrity is provided, on the basis of the predicates CanKnow and CanStore. The application of these concepts to several well-known access control models, including MultiLevel Systems, Role-Based Access Control and Chinese Wall, is shown. Formal definitions and proofs of invariant properties of these models in terms of our method will be given. It will then appear that these models have many possible variations and combinations, of which only a few have been studied. These concepts can be useful for developing proofs on access control models, automatically or manually, for developing new models, and for teaching access control and data flow control concepts.
Similar resources
A Logical Model for Security of Web Services
Business Processes for Web Services are the new paradigm for the lightweight integration of business from different enterprises. Yet, there is not a comprehensive proposal for a logical framework for access control for business processes though logics for access control policies for basic web services are well studied. In this paper we propose a logical framework for reasoning (deduction, abduc...
CAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
Reasoning about Access Control in Windows NT
In this paper, we study a logical methodology for access control in a real-world application, namely Windows NT (NT). In particular, we extend existing logical specifications for access control in order to deal with distributed access control in NT. Then, we propose practical verification properties for analyzing access control configurations in NT. The results obtained show that our logical me...
Reasoning About Security: A Logic and a Decision Method for Role-Based Access Control
Role-based access control (RBAC) is one of the most promising techniques for the design and implementation of security policies, and its diffusion may be enhanced by the development of formal and automated methods of analysis. This paper presents a logic for practical reasoning about role-based access control which simplifies and adapts to RBAC the calculus developed at Digital SRC. Beside a langua...
Layered graph logic as an assertion language for access control policy models
We describe a uniform logical framework, based on a bunched logic that combines classical additives and very weak multiplicatives, for reasoning compositionally about access control policy models. We show how our approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the archi...