Modular Access Control Via Strategic Rewriting

Authors

  • Daniel J. Dougherty
  • Claude Kirchner
  • Hélène Kirchner
  • Anderson Santana de Oliveira
Abstract

Security policies, in particular access control, are fundamental elements of computer security. We address the problem of authoring and analyzing policies in a modular way using techniques developed in the field of term rewriting, focusing especially on the use of rewriting strategies. Term rewriting supports a formalization of access control with a clear declarative semantics based on equational logic and an operational semantics guided by strategies. Well-established term rewriting techniques allow us to check properties of policies such as the absence of conflicts and the property of always returning a decision. A rich language for expressing rewriting strategies is used to define a theory of modular construction of policies in which we can better understand the preservation of properties of policies under composition. The robustness of the approach is illustrated on the composition operators of XACML.

Similar resources

Modular & Incremental Automated Termination Proofs

We propose a modular approach of term rewriting systems, making the best of their hierarchical structure. We define rewriting modules and then provide a new method to prove termination incrementally. We obtain new and powerful termination criteria for standard rewriting. Our policy of restraining termination itself (thus relaxing constraints over hierarchies components) together with the genera...

Querying Temporal Databases via OWL 2 QL

SQL:2011, the most recently adopted version of the SQL query language, has unprecedentedly standardized the representation of temporal data in relational databases. Following the successful paradigm of ontology-based data access, we develop a practical approach to querying the SQL:2011-based temporal data model via the semantic layer of OWL 2 QL. The interval-based temporal query language (TQL)...

From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach

Security is among the most successful applications of aspect-oriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process? We present a metamodel-based transformation from SecureUML, a role-based access control la...

Stack-based Strategic Control

In a strategic framework, combinators provide a fundamental mechanism for exercising control over rewriting. This type of control is based on the observation of the success or failure of strategy application. This paper describes a framework where information relating to the outcome of strategy application is stored in two internally maintained stacks. These stacks represent an implicit state w...

Attributed Hierarchical Port Graphs and Applications

We present attributed hierarchical port graphs (AHP) as an extension of port graphs that aims at facilitating the design of modular port graph models for complex systems. AHP consist of a number of interconnected layers, where each layer defines a port graph whose nodes may link to layers further down the hierarchy; attributes are used to store user-defined data as well as visualisation and run...

Publication date: 2007