Abstract
Access control is one of the most common and versatile mechanisms used to enforce information systems security. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 1990s, several access control models have been studied in the literature. An access control policy is an instance of a model: it defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect high-level organizational requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, although formally expressed, their constraints are not defined in a unified language that could lead to well-founded and generic enforcement procedures. Therefore, we draw a clear distinction by proposing a logical framework that focuses primarily on constraints, while keeping the way constraints, policies, models, and reference monitors are expressed as unified as possible. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures to enforce and check constraints. Without requiring any rewriting prior to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between formalisms that are general but hard to maintain and ones that are effective but insufficiently general.
Notes
\(\bot\) stands for a logical antilogy (e.g., 0 = 1).
References
Abiteboul, S., Hull, R., & Vianu, V. (1995). Foundations of databases. Boston: Addison-Wesley. ISBN 0-201-53771-0.
Ahn, G.-J., & Sandhu, R. S. (1999). The RSL99 language for role-based separation of duty constraints. In RBAC’99: 4th ACM workshop on role-based access control (pp. 43–54). New York: ACM Press. ISBN 1-58113-180-1. doi:10.1145/319171.319176.
Barker, S., & Stuckey, P. J. (2003). Flexible access control policy specification with constraint logic programming. ACM Transactions on Information & System Security, 6(4), 501–546.
Beeri, C., & Vardi, M. Y. (1984). A proof procedure for data dependencies. Journal of the ACM, 31(4), 718–741.
Benantar, M. (Ed.) (2006). Access control systems—security, identity management and trust models. New York: Springer.
Bertino, E., Bonatti, P. A., & Ferrari, E. (2001). TRBAC: A temporal role-based access control model. ACM Transactions on Information & System Security, 4(3), 191–233.
Bertino, E., Catania, B., Ferrari, E., & Perlasca, P. (2003). A logical framework for reasoning about access control models. ACM Transactions on Information & System Security, 6(1), 71–127.
Calì, A., Gottlob, G., & Kifer, M. (2008). Taming the infinite chase: Query answering under expressive relational constraints. In G. Brewka, & J. Lang (Eds.), KR (pp. 70–80). Menlo Park: AAAI Press. ISBN 978-1-57735-384-3.
Chomicki, J., & Marcinkowski, J. (2005). Minimal-change integrity maintenance using tuple deletions. Information & Computation, 197(1–2), 90–121.
Coulondre, S. (2003). A top-down proof procedure for generalized data dependencies. Acta Informatica, 39(1), 1–29.
Crampton, J. (2003). Specifying and enforcing constraints in role-based access control. In SACMAT’03: 8th ACM symposium on access control models and technologies (pp. 43–50). New York: ACM Press. ISBN 1-58113-681-1. doi:10.1145/775412.775419.
Damiani, M. L., Bertino, E., Catania, B., & Perlasca, P. (2007). GEO-RBAC: A spatially aware RBAC. ACM Transactions on Information & System Security, 10(1).
DeTreville, J. (2002). Binder, a logic-based security language. In SP’02: IEEE symposium on security and privacy (p. 105). Washington: IEEE Computer Society. ISBN 0-7695-1543-6.
Fagin, R. (2006). Inverting schema mappings. In S. Vansummeren (Ed.), PODS’06: 25th ACM SIGACT-SIGMOD-SIGART symposium on principles of database systems, Chicago, Illinois (pp. 50–59). New York: ACM Press. ISBN 1-59593-318-2.
Ferraiolo, D. F., Kuhn, R. D., & Chandramouli, R. (2003). Role-based access control. Norwood: Artech House. ISBN 1-58053-370-1.
Gallier, J. H. (1986). Logic for computer science: Foundations of automatic theorem proving. Revised on-line version 2003. New York: Harper & Row. ISBN 0-06-042225-4. http://www.cis.upenn.edu/~jean/gbooks/logic.html.
Gavrila, S. I., & Barkley, J. F. (1998). Formal specification for role based access control user/role and role/role relationship management. In RBAC’98: 3rd ACM workshop on role-based access control (pp. 81–90).
Gligor, V. D., Gavrila, S. I., & Ferraiolo, D. F. (1998). On the formal definition of separation-of-duty policies and their composition. In 1998 symposium on security and privacy, Oakland, California (pp. 172–183). New York: IEEE Computer Society Press.
Halpern, J. Y., & Weissman, V. (2003). Using first-order logic to reason about policies. In CSFW’03: 16th IEEE computer security foundations workshop, Pacific Grove, CA (pp. 187–201). New York: IEEE Computer Society. ISBN 0-7695-1927-X.
Jaeger, T., & Tidswell, J. E. (2001). Practical safety in flexible access control models. ACM Transactions on Information and System Security, 4(2), 158–190. ISSN 1094-9224. doi:10.1145/501963.501966.
Jajodia, S., Samarati, P., Sapino, M. L., & Subrahmanian, V. S. (2001). Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26, 214–260. ISSN 0362-5915. doi:10.1145/383891.383894.
Jim, T. (2001). SD3: A trust management system with certified evaluation. In IEEE symposium on security and privacy (pp. 106–115).
Joshi, J., Bertino, E., Latif, U., & Ghafoor, A. (2005). A generalized temporal role-based access control model. IEEE Transactions on Knowledge & Data Engineering, 17(1), 4–23.
Kuhn, R. D. (1997). Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In RBAC’97: 2nd ACM workshop on role-based access control (pp. 23–30). New York: ACM Press. ISBN 0-89791-985-8. doi:10.1145/266741.266749.
Lampson, B. W. (1974). Protection. ACM SIGOPS Operating Systems Review, 8(1), 18–24. ISSN 0163-5980. doi:10.1145/775265.775268.
Li, N., Bizri, Z., & Tripunitara, M. V. (2004). On mutually-exclusive roles and separation of duty. In CCS’04: 11th ACM conference on computer and communications security (pp. 42–51). New York: ACM Press. ISBN 1-58113-961-6. doi:10.1145/1030083.1030091.
Li, N., Byun, J.-W., & Bertino, E. (2007). A critique of the ANSI standard on role-based access control. IEEE Security and Privacy, 5(6), 41–49. ISSN 1540-7993. doi:10.1109/MSP.2007.158.
Li, N., Grosof, B. N., & Feigenbaum, J. (2003). Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information & System Security, 6(1), 128–171.
Li, N., & Mitchell, J. C. (2003). DATALOG with constraints: A foundation for trust management languages. In V. Dahl, & P. Wadler (Eds.), PADL’03: 5th international symposium on practical aspects of declarative languages, New Orleans. Lecture notes in computer science (Vol. 2562, pp. 58–73). New York: Springer. ISBN 3-540-00389-4.
Li, N., & Wang, Q. (2008). Beyond separation of duty: An algebra for specifying high-level security policies. Journal of the ACM, 55(3), 1–46. ISSN 0004-5411. doi:10.1145/1379759.1379760.
Li, N., Wang, Q., Qardaji, W., Bertino, E., Rao, P., Lobo, J., et al. (2009). Access control policy combining: Theory meets practice. In SACMAT ’09: Proceedings of the 14th ACM symposium on access control models and technologies (pp. 135–144). New York: ACM. ISBN 978-1-60558-537-6. doi:10.1145/1542207.1542229.
Maher, M. J., & Srivastava, D. (1996). Chasing constrained tuple-generating dependencies. In R. Hull (Ed.), PODS’96: 15th ACM SIGACT-SIGMOD-SIGART symposium on principles of database systems, Montreal, Canada (pp. 128–138). New York: ACM Press. ISBN 0-89791-781-2.
Miège, A. (2005). Définition d’un environnement formel d’expression de politiques de sécurité: Modèle Or-BAC et extensions. PhD thesis, Ecole Nationale Supérieure des Télécommunications, Paris.
Ni, Q., Bertino, E., Lobo, J., & Calo, S. B. (2009). Privacy-aware role-based access control. IEEE Security and Privacy, 7, 35–43. ISSN 1540-7993. doi:10.1109/MSP.2009.102.
Sandhu, R. S. (1993). Lattice-based access control models. Computer, 26(11), 9–19. ISSN 0018-9162. doi:10.1109/2.241422.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47.
Thomas, R. K. (1997). Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In RBAC’97: 2nd ACM workshop on role-based access control (pp. 13–19). New York: ACM Press. ISBN 0-89791-985-8. doi:10.1145/266741.266748.
Thomas, R. K., & Sandhu, R. S. (1997). Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In T. Y. Lin, & S. Qian (Eds.), IFIP’98: 11th international conference on database security, Lake Tahoe, CA. IFIP conference proceedings (Vol. 113, pp. 166–181). London: Chapman & Hall. ISBN 0-412-82090-0.
Wainer, J., Barthelmess, P., & Kumar, A. (2003). W-RBAC—a workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4), 455–485.
Wainer, J., Kumar, A., & Barthelmess, P. (2007). DW-RBAC: A formal security model of delegation and revocation in workflow systems. Information Systems, 32(3), 365–384.
Appendix: Chase algorithm
Algorithm 1 Chase algorithm from Beeri and Vardi (1984)
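To make the abstract's approach concrete, the following Python program is an added example; it is not the paper's Algorithm 1 (which is taken from Beeri and Vardi (1984)) and not code from the authors. It runs a simplified chase over a small constructed RBAC policy: a role-hierarchy inheritance rule written as a full tuple-generating dependency, a single-department rule written as an equality-generating dependency, and a static separation-of-duty rule written as a denial constraint whose head is the antilogy ⊥ from the note above. The relation names (UA, RH, SSD, DEPT), the sample users, roles and departments, and the restriction to full dependencies (no existential variables, so the chase terminates without labelled nulls) are all assumptions of this example.

```python
"""Simplified chase over an RBAC policy (added example; not the paper's
Algorithm 1 and not the authors' code).  Facts are relation tuples such as
("UA", "alice", "cfo").  A dependency is (name, body, head): body atoms use
terms beginning with "?" as variables; head is an atom (full TGD), ("=", "?x",
"?y") (EGD) or BOT (denial).  All relation names and sample data are constructed."""

BOT = "⊥"  # antilogy used as the head of a denial constraint


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def match_atom(atom, fact, subst):
    """Return subst extended so that atom maps onto fact, or None if impossible."""
    if atom[0] != fact[0] or len(atom) != len(fact):
        return None
    subst = dict(subst)
    for term, value in zip(atom[1:], fact[1:]):
        if is_var(term):
            if subst.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return subst


def homomorphisms(body, facts, subst=None):
    """Yield every substitution that maps all body atoms onto facts of the instance."""
    subst = {} if subst is None else subst
    if not body:
        yield subst
        return
    for fact in facts:
        extended = match_atom(body[0], fact, subst)
        if extended is not None:
            yield from homomorphisms(body[1:], facts, extended)


def instantiate(atom, subst):
    return tuple(subst.get(t, t) if is_var(t) else t for t in atom)


def chase(facts, dependencies):
    """Apply TGDs to a fixpoint; report EGD and denial violations with a trace.

    Returns (closure, violations, trace); every entry names the dependency and
    the facts that triggered it, which is the administrator-facing explanation."""
    facts = set(facts)
    violations, trace, seen = [], [], set()
    changed = True
    while changed:
        changed = False
        for name, body, head in dependencies:
            # Materialise matches first so facts added here only feed the next pass.
            for subst in list(homomorphisms(body, facts)):
                used = [instantiate(a, subst) for a in body]
                key = (name, frozenset(used))  # dedupe symmetric matches
                if head == BOT:
                    if key not in seen:
                        seen.add(key)
                        violations.append(f"{name}: violated by {used}")
                elif head[0] == "=":
                    left, right = subst[head[1]], subst[head[2]]
                    if left != right and key not in seen:
                        seen.add(key)
                        violations.append(
                            f"{name}: {left!r} and {right!r} must be equal, from {used}")
                else:
                    new = instantiate(head, subst)
                    if new not in facts:
                        facts.add(new)
                        trace.append(f"{name}: derived {new} from {used}")
                        changed = True
    return facts, violations, trace


# Constructed policy: user assignments, role hierarchy (senior, junior),
# one static separation-of-duty pair, and user departments.
POLICY = [
    ("UA", "alice", "cfo"), ("UA", "alice", "auditor"), ("UA", "bob", "clerk"),
    ("RH", "cfo", "accountant"), ("RH", "accountant", "clerk"),
    ("SSD", "accountant", "auditor"),
    ("DEPT", "bob", "finance"), ("DEPT", "bob", "sales"),
]
INHERIT = ("role-inheritance",
           [("UA", "?u", "?senior"), ("RH", "?senior", "?junior")],
           ("UA", "?u", "?junior"))
STATIC_SOD = ("static-SoD",
              [("UA", "?u", "?r1"), ("UA", "?u", "?r2"), ("SSD", "?r1", "?r2")],
              BOT)
ONE_DEPT = ("single-department",
            [("DEPT", "?u", "?d1"), ("DEPT", "?u", "?d2")],
            ("=", "?d1", "?d2"))
CONSTRAINTS = [INHERIT, STATIC_SOD, ONE_DEPT]


def audit_policy(policy=POLICY, constraints=CONSTRAINTS):
    return chase(policy, constraints)


if __name__ == "__main__":
    closure, violations, trace = audit_policy()
    print("\n".join(trace + violations))
```

The point the run makes is the one the abstract argues for: checked against the raw facts alone, the separation-of-duty constraint is satisfied, because alice holds cfo and auditor but not accountant. Only after the inheritance dependency closes the policy does UA(alice, accountant) appear, and the trace then shows the administrator exactly which assignment and which hierarchy edge produced the conflict, with no rewriting of the policy before inference.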
Thion, R., Coulondre, S. A relational database integrity framework for access control policies. J Intell Inf Syst 38, 131–159 (2012). https://doi.org/10.1007/s10844-010-0146-z