Specifying and Reasoning About Dynamic Access-Control Policies
Authors
Abstract
Access-control policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these policies evaluate. We define a framework to represent the behavior of access-control policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.
Similar resources
A Cloud-based Resource and Service Sharing Platform for Computer and Network Security Education
1. Automated Reasoning about Web Access Control Policies via Answer Set Programming Gail-Joon Ahn*, Joohyung Lee*, Hongxin Hu and Yunsong Meng Summary: We introduce a logic-based policy management approach for XACML (eXtensible Access Control Markup Language), which has become the de facto standard for specifying and enforcing access control policies for various applications and services in curr...
Formal Reasoning about Fine-Grained Access Control Policies
Nowadays, most of the main database management systems offer, in one way or another, the possibility of protecting data using fine-grained access control (FGAC) policies, i.e., policies that depend on dynamic properties of the system state. Reasoning about FGAC policies typically amounts to answering questions about whether a security-related property holds in a (possibly infinite) set of syste...
Access Nets: Modeling Access to Physical Spaces; CU-CS-1076-10
Electronic, software-managed mechanisms using, for example, radiofrequency identification (RFID) cards, enable great flexibility in specifying access control policies to physical spaces. For example, access rights may vary based on time of day or could differ in normal versus emergency situations. With such fine-grained control, understanding and reasoning about what a policy permits becomes su...
Reasoning about XACML Policy Descriptions in Answer Set Programming (Preliminary Report)
The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, desig...
A Logic for Reasoning About Time-Dependent Access Control Policies
Allowing access to resources, including data and hardware, without compromising their security is a fundamental challenge in computer science. Because of the number and complexity of authorization policies in access control systems, it is clear that ad hoc methods for specifying and enforcing policies cannot inspire a high degree of trust. Authorization logics have been proposed as a theoretica...