ALPS: An Action Language for Policy Specification and Automated Safety Analysis
Authorization conditions of access control policies are complex and varied, as they may depend, e.g., on the current time, the position of the users, selected parts of the system state, and even on the history of the computation. Several models, languages, and enforcement mechanisms have been proposed for different scenarios. Unfortunately, this variety complicates the verification of safety, i.e., that no permission is leaked to unauthorized users. To address this problem, we present an intermediate language called the Action Language for Policy Specification (ALPS). Two desiderata drive its definition: (i) it should support as many models and policies as possible, and (ii) it should be easily integrated into existing verification systems so that robust techniques (e.g., model checking or satisfiability solving) can be exploited to check safety. We argue for (i) by using selected examples of access control models and policies taken from the literature. For (ii), we prove some theoretical properties of the language that pave the way to the definition of automatic translations to available verification techniques.
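The safety question the abstract describes, as an added example that is not from the paper and does not use ALPS syntax: a constructed toy policy is encoded as guarded actions over a set of facts (a time-dependent guard on role assignment and a history fact recording who submitted a payment), and breadth-first reachability over the induced transition system either returns a trace in which a permission leaks or reports the policy safe. The `strict` flag is an assumed fix that adds separation-of-duty guards to the actions.

```python
from collections import deque
from itertools import product

# Constructed toy policy (an illustrative action encoding, not ALPS syntax):
# a state is a frozenset of fact tuples; an action is a guard plus effects.
USERS = ["alice", "bob", "carol"]
def has(state, *fact):
    return tuple(fact) in state
def actions(state, strict=False):
    """Enabled actions in `state` as (name, successor); strict=True adds SoD guards."""
    now = "day" if has(state, "time", "day") else "night"
    nxt = "night" if now == "day" else "day"
    out = [("tick", (state - {("time", now)}) | {("time", nxt)})]  # clock advances
    for admin, target in product(USERS, USERS):
        # an Admin may assign Manager, but only during the day (time-dependent guard)
        if (has(state, "role", admin, "Admin") and has(state, "time", "day")
                and not has(state, "role", target, "Manager")
                and not (strict and has(state, "submitted", target))):
            out.append((f"assign_manager({admin},{target})",
                        state | {("role", target, "Manager")}))
    for u in USERS:
        # a Clerk submits a payment; the fact is retained as history
        if (has(state, "role", u, "Clerk") and not has(state, "submitted", u)
                and not (strict and has(state, "role", u, "Manager"))):
            out.append((f"submit({u})", state | {("submitted", u)}))
    return out
def authorized(state, user, perm):
    """Authorization condition evaluated against the current state."""
    return perm == "approve" and has(state, "role", user, "Manager")
def unsafe(state):
    """Leak: a user who submitted a payment is authorized to approve it."""
    return any(has(state, "submitted", u) and authorized(state, u, "approve")
               for u in USERS)
def check_safety(initial, strict=False, max_states=10_000):
    """Breadth-first reachability: None if safe, else the shortest violating trace."""
    seen, queue = {initial: None}, deque([initial])
    while queue:
        s = queue.popleft()
        if unsafe(s):
            trace = []
            while seen[s]:
                name, s = seen[s]; trace.append(name)
            return trace[::-1]
        for name, t in actions(s, strict):
            if t not in seen and len(seen) < max_states:
                seen[t] = (name, s); queue.append(t)
    return None

INITIAL = frozenset({("time", "night"), ("role", "alice", "Admin"),
                     ("role", "bob", "Clerk")})
```

`check_safety(INITIAL)` returns a three-step trace (the clock must first advance to day before the assignment guard is enabled), while `check_safety(INITIAL, strict=True)` returns `None` because the added guards make the two history facts mutually exclusive.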