Skip to main content
SpringerLink
Log in

Caching and Auditing in the RPPM Model

  • Conference paper
Security and Trust Management (STM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8743))

Included in the following conference series:

Abstract

Crampton and Sellwood recently introduced a variant of relationship-based access control based on the concepts of relationships, paths and principal matching, to which we will refer as the RPPM model. In this paper, we show that the RPPM model can be extended to provide support for caching of authorization decisions and enforcement of separation of duty policies. We show that these extensions are natural and powerful. Indeed, caching provides far greater advantages in RPPM than it does in most other access control models and we are able to support a wide range of separation of duty policies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Fournet, C.: Access control based on execution history. In: NDSS. The Internet Society (2003)

    Google Scholar 

  2. Borders, K., Zhao, X., Prakash, A.: CPOL: high-performance policy evaluation. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM Conference on Computer and Communications Security, pp. 147–157. ACM (2005)

    Google Scholar 

  3. Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society (1989)

    Google Scholar 

  4. Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in web-based social networks. ACM Trans. Inf. Syst. Secur. 13(1) (2009)

    Google Scholar 

  5. Cheng, Y., Park, J., Sandhu, R.S.: Relationship-based access control for online social networks: Beyond user-to-user relationships. In: SocialCom/PASSAT, pp. 646–655. IEEE (2012)

    Google Scholar 

  6. Cheng, Y., Park, J., Sandhu, R.: A user-to-user relationship-based access control model for online social networks. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 8–24. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  7. Crampton, J., Sellwood, J.: Caching and auditing in the RPPM model. CoRR abs/1407.7841 (2014)

    Google Scholar 

  8. Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Osborn, S.L., Tripunitara, M.V., Molloy, I. (eds.) SACMAT, pp. 187–198. ACM (2014)

    Google Scholar 

  9. Edjlali, G., Acharya, A., Chaudhary, V.: History-based access control for mobile code. In: Vitek, J., Jensen, C.D. (eds.) Secure Internet Programming. LNCS, vol. 1603, pp. 413–431. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  10. Fong, P.W.L.: Relationship-based access control: protection model and policy language. In: Sandhu, R.S., Bertino, E. (eds.) CODASPY, pp. 191–202. ACM (2011)

    Google Scholar 

  11. Fong, P.W.L., Mehregan, P., Krishnan, R.: Relational abstraction in community-based secure collaboration. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM Conference on Computer and Communications Security, pp. 585–598. ACM (2013)

    Google Scholar 

  12. Gligor, V.D., Gavrila, S.I., Ferraiolo, D.F.: On the formal definition of separation-of-duty policies and their composition. In: IEEE Symposium on Security and Privacy, pp. 172–183. IEEE Computer Society (1998)

    Google Scholar 

  13. Kohler, M., Brucker, A.D., Schaad, A.: Proactive caching: Generating caching heuristics for business process environments. In: CSE (3), pp. 297–304. IEEE Computer Society (2009)

    Google Scholar 

  14. Kohler, M., Fies, R.: Proactive caching - a framework for performance optimized access control evaluations. In: POLICY, pp. 92–94. IEEE Computer Society (2009)

    Google Scholar 

  15. Krukow, K., Nielsen, M., Sassone, V.: A logical framework for history-based access control and reputation systems. Journal of Computer Security 16(1), 63–101 (2008)

    Google Scholar 

  16. Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: CSFW, pp. 183–194. IEEE Computer Society (1997)

    Google Scholar 

  17. Wei, Q., Crampton, J., Beznosov, K., Ripeanu, M.: Authorization recycling in hierarchical rbac systems. ACM Trans. Inf. Syst. Secur. 14(1), 3 (2011)

    Article  Google Scholar 

  18. Zhang, R., Artale, A., Giunchiglia, F., Crispo, B.: Using description logics in relation based access control. In: Grau, B.C., Horrocks, I., Motik, B., Sattler, U. (eds.) Description Logics. CEUR Workshop Proceedings, vol. 477, CEUR-WS.org (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Royal Holloway University of London, Egham, United Kingdom

    Jason Crampton & James Sellwood

Authors
  1. Jason Crampton
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. James Sellwood
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Luxembourg, FSTC, 6, rue Richard Coudenhove-Kalergi, 1359, Luxembourg, Luxembourg

    Sjouke Mauw

  2. Department of Informatics and Mathematical Modelling, Technical University of Denmark, Richard Petersens Plads, 2800, Lyngby, Denmark

    Christian Damsgaard Jensen

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Crampton, J., Sellwood, J. (2014). Caching and Auditing in the RPPM Model. In: Mauw, S., Jensen, C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham. https://doi.org/10.1007/978-3-319-11851-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11851-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11850-5

  • Online ISBN: 978-3-319-11851-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation