Hybrid Enforcement of Category-Based Access Control
Access control policies are often partly static, i.e. no dependence on any run-time information, and partly dynamic. However, they are usually enforced dynamically - even the static parts. We propose a new hybrid approach to policy enforcement using the Category-Based Access Control (CBAC) meta-model. We build on previous work, which established a static system for the enforcement of (static) hierarchical Role-Based Access Control (RBAC) policies. We modify the previous policy language, JPol, to specify static and dynamic categories. We establish an equivalence between static categories and static roles (in RBAC), therefore we are able to use the previous design patterns and static verification algorithm, with some changes, to enforce static categories. For dynamic categories, we propose a new design methodology and generate code in the target program to do the necessary run-time checks.
KeywordsAccess Control Static Category Action Call Access Control Policy Policy Enforcement
Unable to display preview. Download preview PDF.
- 1.Ali, A., Fernández, M.: Static enforcement of role-based access control. In: Ravara, A., Ter Beek, M. (eds.) Proceedings of the 10th International Workshop Automated Specification and Verification of Web Systems. EPTCS (2014)Google Scholar
- 2.Barker, S.: The next 700 access control models or a unifying meta-model? In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, pp. 187–196. ACM, New York (2009)Google Scholar
- 5.Bodden, E., Lam, P., Hendren, L.: Partially evaluating finite-state runtime monitors ahead of time. ACM Trans. Program. Lang. Syst. 7, 7:1–7:52 (2012)Google Scholar
- 6.Eduardo, B.: Fernandez, Tami Sorgente, and Maria M. Larrondo-Petrie. Even more patterns for secure operating systems. In: Proceedings of the 2006 Conference on Pattern Languages of Programs, PLoP 2006, pp. 10:1–10:9. ACM, New York (2006)Google Scholar
- 7.Ferraiolo, D., Kuhn, R.: Role-based access control. In:15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
- 8.Gosling, J., Joy, B., Steele, G., Bracha, G.: Java(TM) Language Specification, The (3rd edn.) (Java (Addison-Wesley)), 3rd edn. Addison-Wesley Professional (2005)Google Scholar
- 10.Krasner, G.E., Pope, S.T.: A cookbook for using the model-view controller user interface paradigm in Smalltalk-80. J. Object Oriented Program. 1(3), 26–49 (1988)Google Scholar