Modularisation in Maude of Parametrized RBAC for Row Level Access Control

  • Ścibor Sobieski
  • Bartosz Zieliński
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6909)

Abstract

We formalize a Parametrized Role-Based Access Control in the language Maude. We demonstrate how this formalization can be used to specify a row level access control policy in a database and how module algebra capabilities of Maude assist in modularization of such specification.

Keywords

Access Control Security Policy User Query Access Control Policy Access Control System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The Virtual Private Database in Oracle9ir2. An Oracle White Paper (2002)Google Scholar
  2. 2.
    Abdallah, A., Khayat, E.: A Formal Model for Parameterized Role-Based Access Control. In: Dimitrakos, T., Martinelli, F. (eds.) Formal Aspects in Security and Trust, IFIP, vol. 173, pp. 233–246. Springer, Boston (2005)CrossRefGoogle Scholar
  3. 3.
    Barker, S., Fernandez, M.: Term Rewriting for Access Control. In: Damiani, E., Liu, P. (eds.) DBSec 2006. LNCS, vol. 4127, pp. 179–193. Springer, Heidelberg (2006)Google Scholar
  4. 4.
    Bell, D., LaPadula, L.: Secure Computer Systems: Mathematical Foundations and Model. The MITRE Corporation Technical Report M74-244 (May 1973)Google Scholar
  5. 5.
    Bouhoula, A., Jouannaud, J.P., Meseguer, J.: Specification and Proof in Membership Equational Logic. Tech. rep., SRI International (1988)Google Scholar
  6. 6.
    Bourdier, T., Cirstea, H., Jaume, M., Kirchner, H.: On Formal Specification and Analysis of Security Policies, preprint inria-0042924Google Scholar
  7. 7.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Marti-Oliet, N., Meseguer, J., Talcott, C.: Maude Manual, Version 2.6 (2011)Google Scholar
  8. 8.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: The Maude 2.0 System. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 76–87. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Denker, G., Meseguer, J., Talcott, C.: Protocol Specification and Analysis in Maude. In: Workshop on Formal Methods and Security Protocols (1998)Google Scholar
  10. 10.
    Dougherty, D.J., Kirchner, C., Kirchner, H., De, A.S.: Modular Access Control via Strategic Rewriting. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 578–593. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Ferraiolo, D., Kuhn, D., Chandramouli, R.: Role-Based Access Control. Artech House computer security series. Artech House, Boston (2003)MATHGoogle Scholar
  12. 12.
    Ge, M., Osborn, S.: A Design for Parameterized Roles. In: Farkas, C., Samarati, P. (eds.) DBSec. IFIP, vol. 144, pp. 251–264, Kluver (2004)Google Scholar
  13. 13.
    Goguen, J.A., Meseguer, J.: Order-Sorted Algebra i: Equational Deduction for Multiple Inheritance, Overloading, Exceptions and Partial Operations. Theor. Comput. Sci. 105, 217–273 (1992)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible Support for Multiple Access Control Policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)CrossRefMATHGoogle Scholar
  15. 15.
    Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding Attributes to Role-Based Access Control. IEEE Computer 43(6), 79–81 (2010)CrossRefGoogle Scholar
  16. 16.
    Martí-Oliet, N., Meseguer, J.: Rewriting Logic as a Logical and Semantic Framework. In: Meseguer, J. (ed.) Electronic Notes in Theoretical Computer Science, vol. 4. Elsevier Science Publishers, Amsterdam (2000)Google Scholar
  17. 17.
    Meseguer, J.: Membership Algebra as a Logical Framework for Equational Specification. In: Parisi-Presicce, F. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  18. 18.
    Miodek, K., Pychowski, J.: Elastyczny System Uprawnień Użytkowników w Systemie Zarządzania Bazą Danych PostgreSQL. In: Bazy Danych - Modele, Technologie, Narzedzia, pp. 309–314. WKL Gliwice (2006)Google Scholar
  19. 19.
    de Oliveira, A.S.: Rewriting-Based Access Control Policies. Electr. Notes Theor. Comput. Sci. 171(4), 59–72 (2007)CrossRefGoogle Scholar
  20. 20.
    Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pp. 551–562 (2004)Google Scholar
  21. 21.
    Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST Model for Role-Based Access Control: Towards A Unified Standard. In: Proceedings of the Fifth ACM Workshop on Role-based Access Control, pp. 47–63 (2000)Google Scholar
  22. 22.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  23. 23.
    Stoller, S.D., Yang, P., Gofman, M.I., Ramakrishnan, C.: Symbolic Reachability Analysis for Parameterized Administrative Role-Based Access Control. Computers & Security 30(2-3), 148–164 (2011)CrossRefGoogle Scholar
  24. 24.
    Stonebraker, M., Wong, E.: Access Control in a Relational Database Management System by Query Modification. In: Proceedings of the 1974 Annual Conference ACM 1974, vol. 1, pp. 180–186. ACM, New York (1974)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ścibor Sobieski
    • 1
  • Bartosz Zieliński
    • 1
  1. 1.Department of Theoretical Physics and Informatics, Faculty of Physics and Applied InformaticsUniversity of ŁodźŁódźPoland

Personalised recommendations