research-article

Access control via belnap logic: Intuitive, expressive, and analyzable policy composition

Authors:

Michael HuthAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 14, Issue 1

Article No.: 9, Pages 1 - 27

https://doi.org/10.1145/1952982.1952991

Published: 06 June 2011 Publication History

Abstract

Access control to IT systems increasingly relies on the ability to compose policies. Hence there is benefit in any framework for policy composition that is intuitive, formal (and so “analyzable” and “implementable”), expressive, independent of specific application domains, and yet able to be extended to create domain-specific instances. Here we develop such a framework based on Belnap logic. An access-control policy is interpreted as a four-valued predicate that maps access requests to either grant, deny, conflict, or unspecified -- the four values of the Belnap bilattice. We define an expressive access-control policy language PBel, having composition operators based on the operators of Belnap logic. Natural orderings on policies are obtained by lifting the truth and information orderings of the Belnap bilattice. These orderings lead to a query language in which policy analyses, for example, conflict freedom, can be specified. Policy analysis is supported through a reduction of the validity of policy queries to the validity of propositional formulas on predicates over access requests. We evaluate our approach through firewall policy and RBAC policy examples, and discuss domain-specific and generic extensions of our policy language.

References

[1]

Abadi, M., Burrows, M., Lampson, B., and Plotkin, G. 1993. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst. 15, 4, 706--734.

Digital Library

[2]

Arieli, O. and Avron, A. 1998. The value of the four values. Artif. Intell. 102, 1, 97--141.

Digital Library

[3]

Bauer, L., Ligatti, J., and Walker, D. 2005. Composing security policies with Polymer. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'05). ACM, New York, 305--314.

Digital Library

[4]

Belnap, N. D. 1977. A useful four-valued logic. In Modern Uses of Multiple-Valued Logic, J. M. Dunn and G. Epstein Eds., D. Reidel, Dordrecht, 8--37.

[5]

Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A. D. 1999. The role of trust management in distributed systems security. In Secure Internet Programming, Lecture Notes in Computer Science, vol. 1603, Springer, Berlin, 185--210.

Digital Library

[6]

Bonatti, P., De Capitani Di Vimercati, S., and Samarati, P. 2002. An algebra for composing access control policies. ACM Trans. Inform. Syst. Security. 5, 1, 1--35.

Digital Library

[7]

Bruns, G., Dantas, D. S., and Huth, M. 2007. A simple and expressive semantic framework for policy composition in access control. In Proceedings of the 5th Workshop on Formal Methods in Security Engineering: From Specifications to Code. V. D. Gligor and H. Mantel Eds., ACM, New York, 12--21.

Digital Library

[8]

Bruns, G. and Huth, M. 2008. Access control via Belnap logic: Effective and efficient composition and analysis. In Proceedings of the 21st IEEE Computer Security Foundations Symposium. A. Sabelfeld Ed., IEEE, Los Alamitos, CA, 163--176.

Digital Library

[9]

Bruns, G. and Huth, M. 2011. Access control via Belnap logic: Intuitive, expressive, and analyzable policy composition. Tech. rep. 2011/6, Department of Computing, Imperial College London.

[10]

Capretta, V., Stepien, B., Felty, A., and Matwin, S. 2007. Formal correctness of conflict detection for firewalls. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering (FMSE'07). ACM, New York, 22--30.

Digital Library

[11]

CiscoWorks. 2004. Using management center for firewalls 1.3.2. Cisco Systems, Inc.

[12]

Dijkstra, E. W. 1976. A Discipline of Programming. Prentice Hall, Englewood Cliffs, NJ.

Digital Library

[13]

Ferraiolo, D. and Kuhn, D. R. 1992. Role-based access control. In Proceedings of the NIST-NSA National Computer Security Conference. 554--563.

[14]

Ferraiolo, D. F., Kuhn, D. R., and Chandramouli, R. 2003. Role-Based Access Control 2nd Ed., Artech House, Norwood, MA.

Digital Library

[15]

Fitting, M. 1991. Bilattices and the semantics of logic programming. J. Logic Program. 11, 1&2, 91--116.

Digital Library

[16]

Fitting, M. 2006. Bilattices are nice things. In Self-Reference, Center for the Study of Language and Information.

[17]

Ginsberg, M. 1988. Multivalued logics: A uniform approach to reasoning in AI. Comput. Intell. 4, 256--316.

[18]

Halpern, J. and Weissman, V. 2003. Using first-order logic to reason about policies. In Proceedings of the Computer Security Foundations Workshop (CSFW'03).

[19]

Halpern, J. Y. and Meyden, R. V. D. 2001. A logical reconstruction of SPKI. In Proceedings of the 14th IEEE Workshop on Computer Security Foundations (CSFW'01). IEEE Computer Society, Los Alamitos, CA, 59.

Digital Library

[20]

Jajodia, S., Samarati, P., Sapino, M. L., and Subrahmanian, V. S. 2001. Flexible support for multiple access control policies. ACM Trans. Datab. Syst. 26, 2, 214--260.

Digital Library

[21]

Kleene, S. C. 1952. Introduction to Metamathematics. D. Van Nostrand.

[22]

Lee, A. J., Boyer, J. P., Olson, L. E., and Gunter, C. A. 2006. Defeasible security policy composition for web services. In Proceedings of the 4th ACM Workshop on Formal Methods in Security (FMSE'06). ACM, New York, 45--54.

Digital Library

[23]

Li, N., Grosof, B. N., and Feigenbaum, J. 2003. Delegation logic: A logic-based approach to distributed authorization. ACM Trans. Inform. Syst. Security 6.

Digital Library

[24]

Li, N. and Mao, Z. 2007. Administration in role-based access control. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). ACM, New York, 127--138.

Digital Library

[25]

Li, N., Wang, Q., Qardaji, W., Bertino, E., Rao, P., Lobo, J., and Lin, D. 2009. Access control policy combining: Theory meets practice. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. ACM, New York, 135--144.

Digital Library

[26]

McDougall, M., Alur, R., and Gunter, C. A. 2004. A model-based approach to integrating security policies for embedded devices. In Proceedings of the 4th ACM International Conference on Embedded Software (EMSOFT'04). ACM, New York, 211--219.

Digital Library

[27]

Meyer, B. 1992. Applying “Design by Contract”. IEEE Computer 25, 10, 40--51.

Digital Library

[28]

Mitchell, J. C. 1996. Foundations for Programming Languages. MIT Press, Cambridge, MA.

Digital Library

[29]

Moffett, J. and Sloman, M. 1994. Policy conflict analysis in distributed systems management. J. Organiz. Comput. 4, 1, 1--22.

[30]

Moses, T. 2005. eXtensible access control markup language (XACML). Version 2.0, Committee specification, OASIS.

[31]

Ni, Q., Bertino, E., and Lobo, J. 2009. D-algebra for composing access control policy decisions. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'09). ACM, New York, 298--309.

Digital Library

[32]

Nuseibeh, B. and Easterbrook, S. 1999. The process of inconsistency management: A framework for understanding. In Proceedings of the Workshop on Database and Expert Systems Applications. IEEE, Los Alamitos, CA, 364--368.

Digital Library

[33]

Rao, P., Lin, D., Bertino, E., Li, N., and Lobo, J. 2009. An algebra for fine-grained integration of XACML policies. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT'09). ACM, New York, 63--72.

Digital Library

[34]

Reiter, R. 1980. A logic for default reasoning. Artif. Intell. 13, 1-2, 81--132.

Digital Library

[35]

Ribeiro, C., Zuquete, A., Ferreira, P., and Guedes, P. 2001. SPL: An access control language for security policies and complex constraints. In Proceedings of the Network and Distributed System Security Symposium (NDSS'01).

[36]

Sandhu, R. S., Bhamidipati, V., and Munawer, Q. 1999. The ARBAC97 model for role-based administration of roles. ACM Trans. Inform. Syst. Security 2, 1, 105--135.

Digital Library

[37]

Schmidt, D. 1995. The Structure of Typed Programming Languages. The MIT Press, Cambridge, MA.

Digital Library

[38]

Sedayao, J. 2001. Cisco IOS Access Lists. O'Reilly.

Digital Library

[39]

Woo, T. Y. C. and Lam, S. S. 1993. Authorizations in distributed systems: A new approach. J. Comput. Security 2, 2-3, 107--136.

Cited By

Huth MNielson F(2022)Static Analysis for Proactive SecurityComputing and Software Science10.1007/978-3-319-91908-9_19(374-392)Online publication date: 11-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-91908-9_19
Gallagher KTorres-Arias SMemon NFeldman J(2021)COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal DesignsProceedings of the 2021 New Security Paradigms Workshop10.1145/3498891.3498903(13-27)Online publication date: 25-Oct-2021
https://dl.acm.org/doi/10.1145/3498891.3498903
Qiu JTian ZDu CZuo QSu SFang B(2020)A Survey on Access Control in the Age of Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2020.29693267:6(4682-4696)Online publication date: Jun-2020
https://doi.org/10.1109/JIOT.2020.2969326
Show More Cited By

Index Terms

Access control via belnap logic: Intuitive, expressive, and analyzable policy composition

Recommendations

A simple and expressive semantic framework for policy composition in access control
FMSE '07: Proceedings of the 2007 ACM workshop on Formal methods in security engineering

In defining large, complex access control policies, one would like to compose sub-policies, perhaps authored by different organizations, into a single global policy. Existing policy composition approaches tend to be ad-hoc, and do not explain whether ...
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium

It is difficult to develop and manage large, multi-author access control policies without a means to compose larger policies from smaller ones. Ideally, an access-control policy language will have a small set of simple policy combinators that allow for ...
Rivals to Belnap---Dunn Logic on Interlaced Trilattices

The work of Arnon Avron and Ofer Arieli has shown a deep relationship between the theory of bilattices and the Belnap-Dunn logic $$\mathsf {E}_{\mathtt {fde}}$$Efde. This correspondence has been interpreted as evidence that $$\mathsf {E}_{\mathtt {fde}}$...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security

ACM Transactions on Information and System Security Volume 14, Issue 1

May 2011

366 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/1952982

Issue’s Table of Contents

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2011

Accepted: 01 August 2010

Revised: 01 June 2010

Received: 01 September 2009

Published in TISSEC Volume 14, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
576
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Huth MNielson F(2022)Static Analysis for Proactive SecurityComputing and Software Science10.1007/978-3-319-91908-9_19(374-392)Online publication date: 11-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-91908-9_19
Gallagher KTorres-Arias SMemon NFeldman J(2021)COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal DesignsProceedings of the 2021 New Security Paradigms Workshop10.1145/3498891.3498903(13-27)Online publication date: 25-Oct-2021
https://dl.acm.org/doi/10.1145/3498891.3498903
Qiu JTian ZDu CZuo QSu SFang B(2020)A Survey on Access Control in the Age of Internet of ThingsIEEE Internet of Things Journal10.1109/JIOT.2020.29693267:6(4682-4696)Online publication date: Jun-2020
https://doi.org/10.1109/JIOT.2020.2969326
Cheung KHuth MKirk LLundbæk LMarques RPetsche JKerschbaum FMashatan ANiu JLee A(2019)Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital EcosystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3326326(73-81)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3326326
Li FLi ZHan WWu TChen LGuo YChen J(2019)Cyberspace-Oriented Access Control: A Cyberspace Characteristics-Based Model and its PoliciesIEEE Internet of Things Journal10.1109/JIOT.2018.28390656:2(1471-1483)Online publication date: Apr-2019
https://doi.org/10.1109/JIOT.2018.2839065
Sato HNikita S(2019)An Interactive and Continuous Authorization Scheme by using Belnap Logic2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2019.10287(682-687)Online publication date: Jul-2019
https://doi.org/10.1109/COMPSAC.2019.10287
Nielson FNielson HZhang F(2019)Multi-valued Logic for Static Analysis and Model CheckingModels, Mindsets, Meta: The What, the How, and the Why Not?10.1007/978-3-030-22348-9_7(89-109)Online publication date: 26-Jun-2019
https://doi.org/10.1007/978-3-030-22348-9_7
Jiang JChirkova RDoyle JRosenthal ABertino ELin DLobo J(2018)Towards Greater Expressiveness, Flexibility, and Uniformity in Access ControlProceedings of the 23nd ACM on Symposium on Access Control Models and Technologies10.1145/3205977.3208950(217-219)Online publication date: 7-Jun-2018
https://dl.acm.org/doi/10.1145/3205977.3208950
Paci FSquicciarini AZannone N(2018)Survey on Access Control for Community-Centered Collaborative SystemsACM Computing Surveys10.1145/314602551:1(1-38)Online publication date: 4-Jan-2018
https://dl.acm.org/doi/10.1145/3146025
Crampton JWilliams CBertino ESandhu RWeippl E(2017)Attribute Expressions, Policy Tables and Attribute-Based Access ControlProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078865(79-90)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078865
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents