A Hierarchical Release Control Policy Framework
With increasing information exchange within and between organizations, it becomes increasingly unsatisfactory to depend solely on access control to meet confidentiality and other security needs. To better support the regulation of information flow, this paper presents a release control framework founded on a logical language. Release policies can be specified in a hierarchical manner, in the sense that each user, group, division and organization can specify their own policies, and these are combined by the framework in a manner that enables flexibility within the context of management oversight and regulation. In addition, the language can be used naturally to specify associated provisions (actions that must be undertaken before the release is permitted) and obligations (actions that are agreed will be taken after the release).
This paper also addresses issues arising due to the fact that a data object can be released from one entity to another in sequence, along a release path. We show how to test whether a given release specification satisfies given constraints on the release paths it authorizes. We also show how to find the best release paths from release specifications, based on weights specified by users. The factors affecting weights include the subjects through which a path passes, as well as the provisions and obligations that must be met to authorize each step in the path.
Keywords: Policy, Release Control, Access Control
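The best-release-path idea from the abstract, as an added example that is not code from the paper. It assumes a release specification can be flattened into a graph of authorized steps, uses Dijkstra's algorithm as a stand-in for the paper's method, and all subject names, actions and weights are constructed for illustration.

```python
import heapq

# Constructed release specification (an assumption, not the paper's language):
# each authorized step is (sender, receiver, provisions, obligations).
RELEASES = [
    ("alice", "legal", {"sign_nda"}, set()),
    ("alice", "audit", set(), {"log_release"}),
    ("legal", "partner", {"redact_pii"}, {"notify_owner"}),
    ("audit", "partner", set(), {"delete_after_30d"}),
    ("alice", "contractor", set(), set()),
    ("contractor", "partner", set(), set()),
]

# Hypothetical user-specified weights: cost of routing through a subject and
# cost of each provision or obligation. Must be non-negative for Dijkstra.
SUBJECT_W = {"legal": 1, "audit": 2, "contractor": 10, "partner": 0}
ACTION_W = {"sign_nda": 3, "redact_pii": 4, "log_release": 1,
            "notify_owner": 1, "delete_after_30d": 2}


def step_cost(receiver, provisions, obligations):
    """Weight of one release step: receiving subject plus attached actions."""
    return SUBJECT_W.get(receiver, 0) + sum(ACTION_W[a] for a in provisions | obligations)


def best_release_path(source, target, forbidden=frozenset()):
    """Return (total_weight, path) of the cheapest authorized release path,
    skipping any subject in `forbidden`, or None if no such path exists."""
    heap, done = [(0, [source])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == target:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for sender, receiver, prov, obl in RELEASES:
            if sender == node and receiver not in forbidden and receiver not in done:
                heapq.heappush(heap, (cost + step_cost(receiver, prov, obl), path + [receiver]))
    return None


def spec_allows_path_via(source, via, target):
    """Constraint test: does the specification authorize some release
    sequence from `source` to `target` that passes through `via`?"""
    return (best_release_path(source, via) is not None
            and best_release_path(via, target) is not None)
```

A constraint such as "data from alice must never reach partner through contractor" fails on this constructed specification, because `spec_allows_path_via("alice", "contractor", "partner")` is true even though that route is never the cheapest one.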