Abstract
Despite the widespread adoption of Role-based Access Control (RBAC) models, new access control models are required for new applications for which RBAC may not be especially well suited and for which implementations of RBAC do not enable properties of access control policies to be adequately defined and proven. To address these issues, we propose a form of access control model that is based upon the key notion of an event. The access control model that we propose is intended to permit the representation of access control requirements in a distributed and changing computing environment, the proving of properties of access control policies defined in terms of our model, and direct implementations for access control checking.
Research partially funded by the EU project Implementing access control mechanisms using rewriting techniques, Marie Curie Intra European Fellowships Programme.
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bertolissi, C., Fernández, M., Barker, S. (2007). Dynamic Event-Based Access Control as Term Rewriting. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_15
DOI: https://doi.org/10.1007/978-3-540-73538-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73533-5
Online ISBN: 978-3-540-73538-0
eBook Packages: Computer Science, Computer Science (R0)