ALPS: An Action Language for Policy Specification and Automated Safety Analysis

  • Silvio Ranise
  • Riccardo Traverso
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)

Abstract

Authorization conditions of access control policies are complex and varied as they might depend, e.g., on the current time, the position of the users, selected parts of the system state, and even on the history of the computations. Several models, languages, and enforcement mechanisms have been proposed for different scenarios. Unfortunately, this complicates the verification of safety, i.e. no permission is leaked to unauthorized users. To avoid these problems, we present an intermediate language called Action Language for Policy Specification. Two desiderata drive its definition: (i) it should support as many models and policies as possible and (ii) it should be easily integrated in existing verification systems so that robust techniques (e.g., model checking or satisfiability solving) can be exploited to safety. We argue (i) by using selected examples of access control models and policies taken from the literature. For (ii), we prove some theoretical properties of the language that pave the way to the definition of automatic translations to available verification techniques.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abdulla, P.A.: Well (and better) quasi-ordered transition systems. Bulletin of Symbolic Logic 16(4), 457–515 (2010)CrossRefMATHMathSciNetGoogle Scholar
  2. 2.
    Alur, R., Dill, D.L.: A theory of timed automata. Theoretical Computer Science 126(2), 183–235 (1994)CrossRefMATHMathSciNetGoogle Scholar
  3. 3.
    Becker, M.Y., Nanz, S.: A Logic for State-Modifying Authorization Policies. ACM Trans. on Info. and Sys. Sec. 13(3), 1–28 (2010)CrossRefGoogle Scholar
  4. 4.
    Boolos, G.S., Burgess, J.P., Jeffrey, R.C.: Computability and Logic. Cambridge University Press (2002)Google Scholar
  5. 5.
    Crampton, J.: A reference monitor for workflow systems with constrained task execution. In: 10th ACM SACMAT, pp. 38–47. ACM (2005)Google Scholar
  6. 6.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Samarati, P.: Access Control Policies and Languages. Int. J. of Comp. Science and Eng. 3(2), 94–102 (2007)Google Scholar
  7. 7.
    Dowling, W.F., Gallier, J.H.: Linear-time algorithms for testing the satisfiability of propositional horn formulae. J. of Logic Progr. 1(3), 267–284 (1984)CrossRefMATHMathSciNetGoogle Scholar
  8. 8.
    Erol, K., Nau, D.S., Subrahmanian, V.S.: Complexity, Decidability and Undecidability Results for Domain-Independent Planning: A Detailed Analysis. Artificial Intelligence 76, 75–88 (1991)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Fikes, R.E., Nilsson, N.J.: Strips: A new approach to the application of theorem proving to problem solving. Artificial Intelligence 2(3), 189–208 (1972)Google Scholar
  10. 10.
    Fitting, M.: First-Order Logic and Automated Theorem Proving. In: Graduate Texts in Computer Science, 2nd edn., Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Frohardt, R., Chang, B.-Y.E., Sankaranarayanan, S.: Access Nets: Modeling Access to Physical Spaces. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 184–198. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in Operating Systems. Communications of ACM 19(8), 461–471 (1976)CrossRefMATHMathSciNetGoogle Scholar
  13. 13.
    Lenzerini, M.: Class Hierarchies and Their Complexity. In: Advances in Database Programming Languages, pp. 43–65. ACM (1990)Google Scholar
  14. 14.
    Ranise, S., Traverso, R.: ALPS: An Action Language for Policy Specification and Automated Safety Analysis, Technical Report (2014), http://goo.gl/vVPFKS
  15. 15.
    Wang, Q., Li, N.: Satisfiability and Resiliency in Workflow Authorization Systems. ACM TISSEC 13(4) (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Silvio Ranise
    • 1
  • Riccardo Traverso
    • 1
  1. 1.FBK (Fondazione Bruno Kessler)TrentoItaly

Personalised recommendations