Chapter

Secure Data Management in Decentralized Systems

Volume 33 of the series Advances in Information Security pp 21-58

Access Control Policies and Languages in Open Environments

  • S. De Capitani di VimercatiAffiliated withUniversità degli Studi di Milano
  • , S. ForestiAffiliated withUniversità degli Studi di Milano
  • , S. JajodiaAffiliated withCenter of Secure Information Systems, George Mason University
  • , P. SamaratiAffiliated withUniversità degli Studi di Milano

Abstract

Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Access control plays an important role in overall system security. The development of an access control system requires the definition of the regulations (policies) according to which access is to be controlled and their implementation as functions executable by a computer system. The access control policies are usually formalized through a security model, stated through an appropriate specification language, and then enforced by the access control mechanism enforcing the access control service. The separation between policies and mechanisms introduces an independence between protection requirements to be enforced on the one side, and mechanisms enforcing them on the other. It is then possible to: i) discuss protection requirements independently of their implementation, ii) compare different access control policies as well as different mechanisms that enforce the same policy, and iii) design mechanisms able to enforce multiple policies. This latter aspect is particularly important: if a mechanism is tied to a specific policy, a change in the policy would require changing the whole access control system; mechanisms able to enforce multiple policies avoid this drawback. The formalization phase between the policy definition and its implementation as a mechanism allows the definition of a formal model representing the policy and its working, making it possible to define and prove security properties that systems enforcing the model will enjoy [30].