Hybrid Enforcement of Category-Based Access Control
- Cite this paper as:
- Ali A., Fernández M. (2014) Hybrid Enforcement of Category-Based Access Control. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham
Access control policies are often partly static, i.e. no dependence on any run-time information, and partly dynamic. However, they are usually enforced dynamically - even the static parts. We propose a new hybrid approach to policy enforcement using the Category-Based Access Control (CBAC) meta-model. We build on previous work, which established a static system for the enforcement of (static) hierarchical Role-Based Access Control (RBAC) policies. We modify the previous policy language, JPol, to specify static and dynamic categories. We establish an equivalence between static categories and static roles (in RBAC), therefore we are able to use the previous design patterns and static verification algorithm, with some changes, to enforce static categories. For dynamic categories, we propose a new design methodology and generate code in the target program to do the necessary run-time checks.
Unable to display preview. Download preview PDF.