Decidability of Safety in Graph-Based Models for Access Control
Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.
KeywordsAccess Control Graph Transformation Access Control Policy Access Control Model User Node
Unable to display preview. Download preview PDF.
- [AS00]G. Ahn and R. Sandhu. Role-based Authorization Constraint Specification. A CM Trans. of Info. and System Security, 3(4), 2000.Google Scholar
- [CRPP91]A. Corradini, F. Rossi, and F. Parisi-Presicce. Logic programming as hypergraph rewriting. In Proc. of CAAP91, volume 493 of LNCS, pages 275–295. Springer, 1991.Google Scholar
- [EEKR99]H. Ehrig, G. Engels, H.-J. Kreowski, and G. Rozenberg, editors. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. II: Applications, Languages, and Tools. World Scientific, 1999.Google Scholar
- [JT01]Trent Jaeger and Jonathan E. Tidswell. Practical safety in flexible access control models. ACM Trans. of Info. and System Security, 4(2), 2001.Google Scholar
- [KMPP00]M. Koch, L.V. Mancini, and F. Parisi-Presicce. A Formal Model for Role-Based Access Control using Graph Transformation. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, Proc. of the 6th European Symposium on Research in Computer Security (ESORICS 2000), number 1895 in Lect. Notes in Comp. Sci., pages 122–139. Springer, 2000.Google Scholar
- [KMPP01a]M. Koch, L.V. Mancini, and F. Parisi-Presicce. On the Specification and Evolution of Access Control Policies. In S. Osborne, editor, Proc. 6th ACM Symp. on Access Control Models and Technologies, pages 121–130. ACM, May 2001.Google Scholar
- [KMPP01b]M. Koch, L.V. Mancini, and F. Parisi-Presicce. Foundations for a graph-based approach to the Specification of Access Control Policies. In F. Honsell and M. Miculan, editors, Proc. of Foundations of Software Science and Computation Structures (FoSSaCS 2001), Lect. Notes in Comp. Sci. Springer, March 2001.Google Scholar
- [LS78]R. J. Lipton and L. Snyder. On synchronization and security. In Demillo et al., editor, Foundations of Secure Computation. Academic Press, 1978.Google Scholar
- [Roz97]G. Rozenberg, editor. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. I: Foundations. World Scientific, 1997.Google Scholar
- [Sny77]L. Snyder. On the Synthesis and Analysis of Protection Systems. In Proc. of 6th Symposium on Operating System Principles, volume 11 of Operating System Review, pages 141–150. ACM, 1977.Google Scholar
- [SS92]Ravi S. Sandhu and Gurpreet S. Suri. Non-Monotonic Transformation of Access Rights. In Proc. IEEE Symposium on Research and Privacy, pages 148–161, 1992.Google Scholar