Abstract
Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
G. Ahn and R. Sandhu. Role-based Authorization Constraint Specification. A CM Trans. of Info. and System Security, 3(4), 2000.
A. Corradini, F. Rossi, and F. Parisi-Presicce. Logic programming as hypergraph rewriting. In Proc. of CAAP91, volume 493 of LNCS, pages 275–295. Springer, 1991.
H. Ehrig, G. Engels, H.-J. Kreowski, and G. Rozenberg, editors. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. II: Applications, Languages, and Tools. World Scientific, 1999.
M. A. Harrison, M. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461–471, 1976.
Trent Jaeger and Jonathan E. Tidswell. Practical safety in flexible access control models. ACM Trans. of Info. and System Security, 4(2), 2001.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. A Formal Model for Role-Based Access Control using Graph Transformation. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, Proc. of the 6th European Symposium on Research in Computer Security (ESORICS 2000), number 1895 in Lect. Notes in Comp. Sci., pages 122–139. Springer, 2000.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. On the Specification and Evolution of Access Control Policies. In S. Osborne, editor, Proc. 6th ACM Symp. on Access Control Models and Technologies, pages 121–130. ACM, May 2001.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. Foundations for a graph-based approach to the Specification of Access Control Policies. In F. Honsell and M. Miculan, editors, Proc. of Foundations of Software Science and Computation Structures (FoSSaCS 2001), Lect. Notes in Comp. Sci. Springer, March 2001.
R. J. Lipton and L. Snyder. On synchronization and security. In Demillo et al., editor, Foundations of Secure Computation. Academic Press, 1978.
M. Nyanchama and S. L. Osborne. The Role Graph Model and Conflict of Interest. A CM Trans. of Info. and System Security, 1(2):3–33, 1999.
G. Rozenberg, editor. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. I: Foundations. World Scientific, 1997.
L. Snyder. On the Synthesis and Analysis of Protection Systems. In Proc. of 6th Symposium on Operating System Principles, volume 11 of Operating System Review, pages 141–150. ACM, 1977.
Ravi S. Sandhu and Gurpreet S. Suri. Non-Monotonic Transformation of Access Rights. In Proc. IEEE Symposium on Research and Privacy, pages 148–161, 1992.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koch, M., Mancini, L.V., Parisi-Presicce, F. (2002). Decidability of Safety in Graph-Based Models for Access Control. In: Gollmann, D., Karjoth, G., Waidner, M. (eds) Computer Security — ESORICS 2002. ESORICS 2002. Lecture Notes in Computer Science, vol 2502. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45853-0_14
Download citation
DOI: https://doi.org/10.1007/3-540-45853-0_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44345-2
Online ISBN: 978-3-540-45853-1
eBook Packages: Springer Book Archive