Analyzing and Managing Role-Based Access Control Policies

IEEE Transactions on Knowledge and Data Engineering - Vol. 20 No. 7 - pp. 924-939 - 2008
Karsten Sohr [1], Michael Drouineaud [1], Gail-Joon Ahn [2], Martin Gogolla [1]
[1] Center for Computing Technologies, Universität Bremen, Bremen, Germany
[2] Department of Computer Science and Engineering, Arizona State University, Tempe, AZ, USA

Abstract

Today more and more security-relevant data is stored on computer systems, and security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as the health care industry, digital government, and financial service institutions, each of which requires that different security requirements be fulfilled. Authorisation constraints can help the policy architect design and express higher-level organisational rules. Although the importance of authorisation constraints has been addressed in the literature, there is no systematic way to verify and validate them. In this paper, we specify both non-temporal and history-based authorisation constraints in the Object Constraint Language (OCL) and first-order linear temporal logic (LTL). Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorisation engine that supports the enforcement of authorisation constraints.

Keywords

#Access controls #Protection mechanisms
