Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/1533057.1533091acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

Expressive policy analysis with enhanced system dynamicity

Published: 10 March 2009 Publication History

Abstract

Despite several research studies, the effective analysis of policy based systems remains a significant challenge. Policy analysis should at least (i) be expressive (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation.

References

[1]
D. Alrajeh, O. Ray, A. Russo, and S. Uchitel. Extracting requirements from scenarios with ilp. In S. Muggleton, R. P. Otero, and A. Tamaddoni-Nezhad, editors, ILP, volume 4455 of LNCS, pages 64--78. Springer, 2006.
[2]
A. Bandara, S. Calo, R. Craven, J. Lobo, E. Lupu, J. Ma, A. Russo, and M. Sloman. An expressive policy analysis framework with enhanced system dynamicity. Technical Report, Department of Computing, Imperial College London, 2008.
[3]
A. K. Bandara, E. C. Lupu, A. Russo, N. Dulay, M. Sloman, P. Flegkas, M. Charalambides, and G. Pavlou. Policy refinement for diffserv quality of service management. In Integrated Network Management, pages 469--482. IEEE, 2005.
[4]
S. Barker. Security policy specification in logic. In Proc. of Int. Conf. on AI, pages 143--148, June 2000.
[5]
M. Y. Becker and S. Nanz. A logic for state-modifying authorization policies. In ESORICS, pages 203--218, 2007.
[6]
M. Y. Becker and S. Nanz. The role of abduction in declarative authorization policies. In P. Hudak and D. S. Warren, editors, PADL, volume 4902 of LNCS, pages 84--99. Springer, 2008.
[7]
M. Y. Becker and P. Sewell. Cassandra: Flexible trust management, applied to electronic health records. In CSFW, pages 139--154. IEEE Computer Society, 2004.
[8]
D. F. C. Brewer and M. J. Nash. The chinese wall security policy. In IEEE Symposium on S & P, pages 206--214, 1989.
[9]
G. Bruns, D. S. Dantas, and M. Huth. A simple and expressive semantic framework for policy composition in access control. In P. Ning, V. Atluri, V. D. Gligor, and H. Mantel, editors, FMSE, pages 12--21. ACM, 2007.
[10]
G. Bruns and M. Huth. Access-control policies via belnap logic: Effective and efficient composition and analysis. In CSF, pages 163--176. IEEE Computer Society, 2008.
[11]
S. Chen, D. Wijesekera, and S. Jajodia. Incorporating dynamic constraints in the flexible authorization framework. In ESORICS, pages 1--16, 2004.
[12]
J. Chomicki. Efficient checking of temporal integrity constraints using bounded history encoding. ACM Trans. Database Syst., 20(2):149--186, 1995.
[13]
N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The ponder policy specification language. In M. Sloman, J. Lobo, and E. Lupu, editors, POLICY, volume 1995 of LNCS, pages 18--38. Springer, 2001.
[14]
D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In U. Furbach and N. Shankar, editors, IJCAR, volume 4130 of LNCS, pages 632--646. Springer, 2006.
[15]
D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Obligations and their interaction with programs. In ESORICS, pages 375--389, 2007.
[16]
D. Ferraiolo and D. Kuhn. Role based access control. In 15th National Computer Security Conference, pages 554--563, 1992.
[17]
K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. Verification and change-impact analysis of access-control policies. In G.-C. Roman, W. G. Griswold, and B. Nuseibeh, editors, ICSE, pages 196--205. ACM, 2005.
[18]
M. Gelfond and V. Lifschitz. The stable model semantics for logic programming. In R. Kowalski and K. Bowen, editors, Proc. 5th International Conference and Symposium on Logic Programming, pages 1070--1080, Seattle, Washington, August 15--19 1988.
[19]
R. Goldblatt. Logics of time and computation. Center for the Study of Language and Information, Stanford, CA, USA, 2nd edition, 1992.
[20]
J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur., 11(4), 2008.
[21]
K. Irwin, T. Yu, and W. H. Winsborough. On the modeling and analysis of obligations. In Proc. of ACM CCS, pages 134--143, 2006.
[22]
S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214--260, 2001.
[23]
S. Jajodia, P. Samarati, and V. Subrahmanian. A logical language for expressing authorizations. In Proc. of the IEEE Symposium on S & P, pages 31--42, 1997.
[24]
S. Jajodia, P. Samarati, V. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. In Proc. of the ACM SIGMOD Conf., May 1997.
[25]
R. Kowalski and M. Sergot. A logic-based calculus of events. New Generation Computing, 4:67--95, 1986.
[26]
P. Loscocco and S. Smalley. Integrating flexible support for security policies into the linux operating system. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pages 29--42, Berkeley, CA, USA, 2001. USENIX Association.
[27]
J. McCarthy. Elaboration tolerance. In Proc. Common Sense 98, 1998.
[28]
R. Miller and M. Shanahan. Some alternative formulations of the event calculus. In A. C. Kakas and F. Sadri, editors, Computational Logic: Logic Programming and Beyond, volume 2408 of LNCS, pages 452--490. Springer, 2002.
[29]
C. Nomikos, P. Rondogiannis, and M. Gergatsoulis. Temporal stratification tests for linear and branching-time deductive databases. Theor. Comput. Sci., 342(2--3):382--415, 2005.
[30]
OASIS XACML TC. extensible access control markup language (XACML) v2.0, 2005.
[31]
G. Rusello, C. Dong, and N. Dulay. Authorisation and conflict resolution for hierarchical domains. In Proc. of IEEE Policy Workshop, June 2007.
[32]
R. Sandhu, V. Bhamidipati, and Q. Munawer. The arbac97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur., 2(1):105--135, 1999.
[33]
R. Simon and M. E. Zurko. Separation of duty in role-based environments. In CSFW, pages 183--194. IEEE Computer Society, 1997.
[34]
B. Van Nuffelen. Abductive constraint logic programming: implementation and applications. PhD thesis, K. U. Leuven, Belgium, June 2004.

Cited By

View all
  • (2024)Acumen: Analysing the Impact of Organisational Change on Users’ Access EntitlementsComputer Security – ESORICS 202310.1007/978-3-031-51482-1_21(410-430)Online publication date: 11-Jan-2024
  • (2023)FLAP - A Federated Learning Framework for Attribute-based Access Control PoliciesProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583641(263-272)Online publication date: 24-Apr-2023
  • (2023)An ASP Framework for the Refinement of Authorization and Obligation PoliciesTheory and Practice of Logic Programming10.1017/S147106842300011X(1-16)Online publication date: 11-Jul-2023
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
March 2009
408 pages
ISBN:9781605583945
DOI:10.1145/1533057
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. authorization
  2. formal analysis
  3. policies
  4. security

Qualifiers

  • Research-article

Funding Sources

  • U.K. Ministry of Defence

Conference

Asia CCS 09
Sponsor:

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)1
Reflects downloads up to 10 Nov 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Acumen: Analysing the Impact of Organisational Change on Users’ Access EntitlementsComputer Security – ESORICS 202310.1007/978-3-031-51482-1_21(410-430)Online publication date: 11-Jan-2024
  • (2023)FLAP - A Federated Learning Framework for Attribute-based Access Control PoliciesProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583641(263-272)Online publication date: 24-Apr-2023
  • (2023)An ASP Framework for the Refinement of Authorization and Obligation PoliciesTheory and Practice of Logic Programming10.1017/S147106842300011X(1-16)Online publication date: 11-Jul-2023
  • (2023)Plan Selection Framework for Policy-Aware Autonomous AgentsLogics in Artificial Intelligence10.1007/978-3-031-43619-2_43(638-646)Online publication date: 24-Sep-2023
  • (2022)Systematic Machine Translation of Social Network Data Privacy PoliciesApplied Sciences10.3390/app12201049912:20(10499)Online publication date: 18-Oct-2022
  • (2022)A framework for representing internet of things security and privacy policies and detecting potential problemsProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3508385(198-201)Online publication date: 25-Apr-2022
  • (2021)ProFact: A Provenance-Based Analytics Framework for Access Control PoliciesIEEE Transactions on Services Computing10.1109/TSC.2019.290064114:6(1914-1928)Online publication date: 1-Nov-2021
  • (2019)Methods and Tools for Policy AnalysisACM Computing Surveys10.1145/329574951:6(1-35)Online publication date: 4-Feb-2019
  • (2019)Access Control and Quality Attributes of Open Data: Applications and TechniquesBusiness Information Systems Workshops10.1007/978-3-030-04849-5_52(603-614)Online publication date: 3-Jan-2019
  • (2018)Towards automatic translation of social network policies into controlled natural language2018 12th International Conference on Research Challenges in Information Science (RCIS)10.1109/RCIS.2018.8406683(1-12)Online publication date: May-2018
  • Show More Cited By

View Options

Get Access

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media