Hybrid Enforcement of Category-Based Access Control

  • Asad Ali
  • Maribel Fernández
Conference paper

DOI: 10.1007/978-3-319-11851-2_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)
Cite this paper as:
Ali A., Fernández M. (2014) Hybrid Enforcement of Category-Based Access Control. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham

Abstract

Access control policies are often partly static, i.e. no dependence on any run-time information, and partly dynamic. However, they are usually enforced dynamically - even the static parts. We propose a new hybrid approach to policy enforcement using the Category-Based Access Control (CBAC) meta-model. We build on previous work, which established a static system for the enforcement of (static) hierarchical Role-Based Access Control (RBAC) policies. We modify the previous policy language, JPol, to specify static and dynamic categories. We establish an equivalence between static categories and static roles (in RBAC), therefore we are able to use the previous design patterns and static verification algorithm, with some changes, to enforce static categories. For dynamic categories, we propose a new design methodology and generate code in the target program to do the necessary run-time checks.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Asad Ali
    • 1
  • Maribel Fernández
    • 1
  1. 1.Department of InformaticsKing’s College LondonStrandUK

Personalised recommendations