Term Rewriting for Access Control

  • Steve Barker
  • Maribel Fernández
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


We demonstrate how access control models and policies can be represented by using term rewriting systems, and how rewriting may be used for evaluating access requests and for proving properties of an access control policy. We focus on two kinds of access control models: discretionary models, based on access control lists (ACLs), and role-based access control (RBAC) models. For RBAC models, we show that we can specify several variants, including models with role hierarchies, and constraints and support for security administrator review querying.


Access Control Access Control Policy Access Policy Access Privilege Access Control Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Gordon, A.: A calculus for cryptographic protocols: The spi calculus. In: Proc. 4th ACM Conf. on Computer and Communication Security, pp. 36–47 (1997)Google Scholar
  2. 2.
    Abbes, T., Bouhoula, A., Rusinowitch, M.: Protocol analysis in intrusion detection using decision tree. In: Proc. ITCC 2004, pp. 404–408 (2004)Google Scholar
  3. 3.
    Abendroth, J., Jensen, C.: A unified security mechanism for networked applications. In: SAC 2003, pp. 351–357 (2003)Google Scholar
  4. 4.
    Albert, E., Hanus, M., Huch, F., Oliver, J., Vidal, G.: Operational semantics for declarative multi-paradigm languages. Journal of Symbolic Computation (2004)Google Scholar
  5. 5.
    Baader, F., Nipkow, T.: Term rewriting and all that. Cambridge University Press, Cambridge (1998)CrossRefMATHGoogle Scholar
  6. 6.
    Barker, S.: Data protection by logic programming. In: Palamidessi, C., Moniz Pereira, L., Lloyd, J.W., Dahl, V., Furbach, U., Kerber, M., Lau, K.-K., Sagiv, Y., Stuckey, P.J. (eds.) CL 2000. LNCS (LNAI), vol. 1861, pp. 1300–1314. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Barker, S.: Protecting deductive databases from unauthorized retrieval and update requests. Journal of Data and Knowledge Engineering 23(3), 231–285 (2002)MATHGoogle Scholar
  8. 8.
    Barker, S., Leuschel, M., Varea, M.: Efficient and flexible access control via jones optimality logic program specialisation. In: HOSC (to appear, 2006)Google Scholar
  9. 9.
    Barker, S., Stuckey, P.: Flexible access control policy specification with constraint logic programming. ACM Trans. on Information and System Security 6(4), 501–546 (2003)CrossRefGoogle Scholar
  10. 10.
    Barthe, G., Dufay, G., Huisman, M., de Sousa, S.M.: Jakarta: A toolset for reasoning about javaCard. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A system to specify and manage multipolicy access control models. In: Proc. IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002) (2002)Google Scholar
  12. 12.
    Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. In: SACMAT, pp. 41–52 (2001)Google Scholar
  13. 13.
    Borovansky, P., Kirchner, C., Kirchner, H., Moreau, P.-E.: ELAN from a rewriting logic point of view. Theoretical Computer Science 285, 155–185 (2002)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: The Maude 2. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 76–87. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Dershowitz, N., Jouannaud, J.-P.: Rewrite Systems. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science. Formal Methods and Semantics, vol. B. North-Holland, Amsterdam (1989)Google Scholar
  16. 16.
    De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Access control: principles and solutions. Softw. Pract. Exper. 33(5), 397–421 (2003)CrossRefGoogle Scholar
  17. 17.
    Echahed, R., Prost, F.: Security policy in a declarative style. In: Proc. 7th ACM-SIGPLAN Symposium on Principles and Practice of Declarative Programming (PPDP 2005). ACM Press, New York (2005)Google Scholar
  18. 18.
    Fernández, M.: Programming Languages and Operational Semantics: An Introduction. King’s College Publications (2004)Google Scholar
  19. 19.
    Fernández, M., Jouannaud, J.-P.: Modular termination of term rewriting systems revisited. In: Reggio, G., Astesiano, E., Tarlecki, A. (eds.) Abstract Data Types 1994 and COMPASS 1994. LNCS, vol. 906. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  20. 20.
    Feuillade, G., Genet, T., Tong, V.V.T.: Reachability Analysis over Term Rewriting Systems. JAR 33(3-4), 341–383 (2004)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Hanus, M.: A unified computation model for functional and logic programming. In: Proc. 24st ACM Symposium on Principles of Programming Languages (POPL 1997). ACM Press, New York (1997)Google Scholar
  22. 22.
    Jajodia, S., Samarati, P., Sapino, M., Subrahmaninan, V.S.: Flexible support for multiple access control policies. ACM TODS 26(2), 214–260 (2001)CrossRefMATHGoogle Scholar
  23. 23.
    Kirchner, C., Kirchner, H., Vittek, M.: ELAN user manual. Nancy, France. Technical Report 95-R-342, CRIN (1995)Google Scholar
  24. 24.
    Klop, J.-W.: Term Rewriting Systems. In: Abramsky, S., Gabbay, D.M., Maibaum, T.S.E. (eds.) Handbook of Logic in Computer Science, vol. 2. Oxford University Press, Oxford (1992)Google Scholar
  25. 25.
    Klop, J.-W., van Oostrom, V., van Raamsdonk, F.: Combinatory reduction systems, introduction and survey. Theoretical Computer Science 121, 279–308 (1993)MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Koch, M., Mancini, L., Parisi-Presicce, F.: A graph based formalism for rbac. In: SACMAT, pp. 129–187 (2004)Google Scholar
  27. 27.
    Butler, W.: Lampson. Protection. SIGOPS Oper. Syst. Rev. 8(1), 18–24 (1974)CrossRefGoogle Scholar
  28. 28.
    Marriott, K., Stuckey, P.J.: Programming with Constraints: an Introduction. MIT Press, Cambridge (1998)MATHGoogle Scholar
  29. 29.
    Mayr, R., Nipkow, T.: Higher-order rewrite systems and their confluence. Theoretical Computer Science 192, 3–29 (1998)MathSciNetCrossRefMATHGoogle Scholar
  30. 30.
    Newman, M.H.A.: On theories with a combinatorial definition of equivalence. Annals of Mathematics 43(2), 223–243 (1942)MathSciNetCrossRefMATHGoogle Scholar
  31. 31.
    Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)CrossRefGoogle Scholar
  32. 32.
    Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: Towards a unified standard. In: Proc. 4th ACM Workshop on Role-Based Access Control, pp. 47–61 (2000)Google Scholar
  33. 33.
    The XSB System Version 2.7.1, Programmer’s Manual (2005)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Steve Barker
    • 1
  • Maribel Fernández
    • 1
  1. 1.Dept. of Computer ScienceKing’s College LondonStrand, LondonU.K.

Personalised recommendations