Abstract
We demonstrate how access control models and policies can be represented by using term rewriting systems, and how rewriting may be used for evaluating access requests and for proving properties of an access control policy. We focus on two kinds of access control models: discretionary models, based on access control lists (ACLs), and role-based access control (RBAC) models. For RBAC models, we show that we can specify several variants, including models with role hierarchies, and constraints and support for security administrator review querying.
Keywords
- Access Control
- Access Control Policy
- Access Policy
- Access Privilege
- Access Control Model
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Barker, S., Fernández, M. (2006). Term Rewriting for Access Control. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_13
DOI: https://doi.org/10.1007/11805588_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36796-3
Online ISBN: 978-3-540-36799-4
eBook Packages: Computer Science (R0)
