IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX, pp 267–281

Authrule: A Generic Rule-Based Authorization Module

  • Sönke Busch,
  • Björn Muschall,
  • Günther Pernul &
  • Torsten Priebe
Part of the Lecture Notes in Computer Science book series (LNISA, volume 4127)

Abstract

As part of the access control process an authorization decision needs to be taken based on a certain authorization model. Depending on the environment different models are applicable (e.g., RBAC in organizations, MAC in the military field). An authorization model contains all necessary elements needed for the decision (e.g., subjects, objects, and roles) as well as their relations. As these elements are usually inherent in the software architecture of an access control module, such modules limit themselves to the use of a certain specific authorization model. A later change of the model consequently results in a substantial effort for revising the software architecture of the given module. Rule-based systems are well suited to represent authorization models by mapping them to facts and rules, which can be modified in a flexible manner. In this paper we present a generic authorization module, which can take authorization decisions on the basis of arbitrary models utilizing rule-based technology. The implementation of the popular RBAC and ABAC (attribute-based access control) models is demonstrated.
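
The idea in the abstract, that a single decision routine can serve different authorization models once the model is expressed as facts and rules, shown as an added Python sketch. It is not the paper's Authrule implementation; the predicate names and the sample RBAC and ABAC data are assumptions made for illustration.

```python
# Added illustration, not Authrule's code: facts are tuples, "?x" is a variable,
# and the predicate names (ua, pa, senior, attr, permit) are assumptions.
def unify(pattern, fact, env):
    """Match one pattern against one fact; return extended bindings or None."""
    env = dict(env)
    for p, f in zip(pattern, fact):
        is_var = isinstance(p, str) and p.startswith("?")
        if (env.setdefault(p, f) if is_var else p) != f:
            return None
    return env if len(pattern) == len(fact) else None

def solve(body, facts, env):
    """Yield each binding satisfying all body atoms; callables are tests."""
    if not body:
        yield env
    elif callable(body[0]):
        if body[0](env):
            yield from solve(body[1:], facts, env)
    else:
        for fact in facts:
            new_env = unify(body[0], fact, env)
            if new_env is not None:
                yield from solve(body[1:], facts, new_env)

def decide(facts, rules, subject, obj, action):
    """Model-independent decision: derive facts to a fixpoint, look for permit."""
    facts = set(facts)
    while True:
        derived = {tuple(env.get(t, t) for t in head)
                   for head, body in rules for env in solve(body, facts, {})}
        if derived <= facts:
            return ("permit", subject, obj, action) in facts
        facts |= derived

# Constructed sample models: only the facts and rules differ between RBAC and ABAC.
RBAC_RULES = [
    (("has_role", "?u", "?r"), [("ua", "?u", "?r")]),
    (("has_role", "?u", "?j"), [("has_role", "?u", "?s"), ("senior", "?s", "?j")]),
    (("permit", "?u", "?o", "?a"), [("has_role", "?u", "?r"), ("pa", "?r", "?o", "?a")]),
]
RBAC_FACTS = {("ua", "alice", "manager"), ("ua", "bob", "clerk"),
              ("senior", "manager", "clerk"),
              ("pa", "clerk", "invoice", "read"), ("pa", "manager", "invoice", "approve")}
ABAC_RULES = [(("permit", "?u", "?o", "read"),
               [("attr", "?u", "age", "?a"), ("attr", "?o", "min_age", "?m"),
                lambda e: e["?a"] >= e["?m"]])]
ABAC_FACTS = {("attr", "carol", "age", 17), ("attr", "dave", "age", 30),
              ("attr", "film", "min_age", 18)}
```

Anything not derivable as a `permit` fact is denied, so both sample models are default-deny; test callables must come after the atoms that bind their variables.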

Keywords

  • Access Control
  • Access Control Model
  • Authorization Model
  • Role Base Access Control
  • Authorization Decision

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Author information

Authors and Affiliations

  1. Booz Allen Hamilton GmbH, Zollhof 8, D-40221, Düsseldorf, Germany

    Sönke Busch

  2. Department of Information Systems, University of Regensburg, D-93040, Regensburg, Germany

    Björn Muschall & Günther Pernul

  3. Capgemini Consulting Österreich AG, Lassallestraße 9b, A-1020, Vienna, Austria

    Torsten Priebe

Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu

Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Busch, S., Muschall, B., Pernul, G., Priebe, T. (2006). Authrule: A Generic Rule-Based Authorization Module. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_19

  • DOI: https://doi.org/10.1007/11805588_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36796-3

  • Online ISBN: 978-3-540-36799-4

  • eBook Packages: Computer Science, Computer Science (R0)
