Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Building a Fair System Using Access Rights

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10063))

Included in the following conference series:

Abstract

The law of computer and freedoms specifies that the access to personal data is a right that must be ensured. Indeed, this law provides sanctions when this right is violated. It is important to preserve this access right because it allows people to verify the accuracy of their personal data and thus, emit a rectification request or ask for the deletion of this data if it is necessary. In this paper, we propose a formal model which enables to extend security policies with right rules in order to express access right. In our approach, we make a distinction between access permission and access right and propose a semantics of a guaranteed right and means to detect violations. The model is based on the situation calculus. It allows, through planning tools, to provide an off-line policy analysis in order to detect in advance the situations which prevent a right to be exercised. In addition to the concept of secure system which is defined as a system that meets the requirements of access control, we propose to introduce the concept of a fair system that meets the requirements of the access right. We formalize this notion and give a characteristic which enables to prove if a system specification is fair with respect to right requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

eBook
USD 13.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    http://www.cnil.fr/documentation/textes-fondateurs/loi78-17/#Article1.

  2. 2.

    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012.

  3. 3.

    http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108.

  4. 4.

    http://www.cnil.fr/fileadmin/documents/Guides_pratiques/CNIL-Guide_securite_avance_Mesures.pdf.

  5. 5.

    The difficulty in logic of expressing the dynamics of a situation without explicitly specifying everything that is not affected by the actions.

  6. 6.

    http://www.cnil.fr/vos-droits/vos-droits/le-droit-de-rectification/.

References

  1. Pontual, M., Chowdhury, O., Winsborough, W.H., Yu, T., Irwin, K.: On the management of user obligations. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011, pp. 175–184. ACM, New York (2011). http://doi.acm.org/10.1145/1998441.1998473

  2. Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 134–143. ACM, New York (2006). http://doi.acm.org/10.1145/1180405.1180423

  3. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012). http://dx.doi.org/10.1016/j.datak.2011.09.001

    Google Scholar 

  4. Essaouini, N., Cuppens, F., Cuppens-Boulahia, N., El Kalam, A.A.: Conflict management in obligation with deadline policies. In: Proceedings of the 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 52–61. IEEE Computer Society, Washington, DC (2013). http://dx.doi.org/10.1109/ARES.2013.12

  5. Green, C.: Application of theorem proving to problem solving. In: Proceedings of the 1st International Joint Conference on Artificial Intelligence, IJCAI 1969, pp. 219–239. Morgan Kaufmann Publishers Inc., San Francisco (1969). http://dl.acm.org/citation.cfm?id=1624562.1624585

  6. Levesque, H.J., Reiter, R., Lespérance, Y., Lin, F., Scherl, R.B.: GOLOG: a logic programming language for dynamic domains. J. Log. Program. 31(1–3), 59–83 (1997). http://dx.doi.org/10.1016/S0743-1066(96)00121--5

    Google Scholar 

  7. McCarthy, J.: Situations, actions, and causal laws. Stanford Artificial Intelligence Project, Stanford University, Technical report Memo 2 (1983)

    Google Scholar 

  8. Reiter, R.: Sequential, temporal GOLOG. In: Cohn, A.G., Schubert, L.K., Shapiro, S.C. (eds.) Proceedings of the Sixth International Conference on Principles of Knowledge Representation and Reasoning (KR 1998), Trento, Italy, 2–5 June 1998, pp. 547–556. Morgan Kaufmann (1998)

    Google Scholar 

  9. Reiter, R.: Natural actions, concurrency and continuous time in the situation calculus. In: Aiello, L.C., Doyle, J., Shapiro, S.C. (eds.) Proceedings of the Fifth International Conference on Principles of Knowledge Representation and Reasoning (KR 1996), Cambridge, Massachusetts, USA, 5–8 November 1996, pp. 2–13. Morgan Kaufmann (1996)

    Google Scholar 

  10. Lin, F., Reiter, R.: State constraints revisited. J. Log. Comput. 4(5), 655–678 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  11. Reiter, R.: The frame problem in situation the calculus: a simple solution (sometimes) and a completeness result for goal regression. In: Lifschitz, V. (ed.) Artificial Intelligence and Mathematical Theory of Computation, pp. 359–380. Academic Press Professional Inc., San Diego (1991). http://dl.acm.org/citation.cfm?id=132218.132239

  12. Reiter, R.: Proving properties of states in the situation calculus. Artif. Intell. 64(2), 337–351 (1993). http://dx.doi.org/10.1016/0004-3702(93)90109-O

    Google Scholar 

  13. Green, C.: Theorem-proving by resolution as a basis for question-answering systems. In: Meltzer, B., Michie, D. (eds.) Machine Intelligence, vol. 4, ch. 11, pp. 183–205. Edinburgh University Press (1969)

    Google Scholar 

  14. Craven, R., Lobo, J., Ma, J., Russo, A., Lupu, E., Bandara, A.: Expressive policy analysis with enhanced system dynamicity. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, pp. 239–250. ACM, New York (2009). http://doi.acm.org/10.1145/1533057.1533091

  15. Kowalski, R., Sergot, M.: A logic-based calculus of events. New Gen. Comput. 4(1), 67–95. http://dx.doi.org/10.1007/BF03037383

    Google Scholar 

  16. Miller, R., Shanahan, M.: Some alternative formulations of the event calculus. In: Kakas, A.C., Sadri, F. (eds.) Computational Logic: Logic Programming and Beyond. LNCS (LNAI), vol. 2408, pp. 452–490. Springer, Heidelberg (2002). doi:10.1007/3-540-45632-5_17

    Chapter  Google Scholar 

  17. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012). http://dx.doi.org/10.1016/j.datak.2011.09.001

    Google Scholar 

  18. Sartor, G.: Legal reasoning: A cognitive approach to the law. Springer (2005)

    Google Scholar 

  19. Sartor, G.: Doing justice to rights, values: teleological reasoning and proportionality. Artif. Intell. Law 18(2), 175–215 (2010). http://dx.doi.org/10.1007/s10506-010-9095-7

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Télécom Bretagne, 2 rue châtaigneraie, 35510, Cesson Sévigné, France

    Nada Essaouini, Frédéric Cuppens & Nora Cuppens-Boulahia

Authors
  1. Nada Essaouini
    View author publications

    Search author on:PubMed Google Scholar

  2. Frédéric Cuppens
    View author publications

    Search author on:PubMed Google Scholar

  3. Nora Cuppens-Boulahia
    View author publications

    Search author on:PubMed Google Scholar

Corresponding author

Correspondence to Nada Essaouini .

Editor information

Editors and Affiliations

  1. Colorado State University, Fort Collins, Colorado, USA

    Indrajit Ray

  2. Malaviya National Institute of Technology, Jaipur, India

    Manoj Singh Gaur

  3. University of Padua, Padua, Italy

    Mauro Conti

  4. IIIT Delhi, Delhi, India

    Dheeraj Sanghi

  5. IIT Madras, Madras, India

    V. Kamakoti

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Essaouini, N., Cuppens, F., Cuppens-Boulahia, N. (2016). Building a Fair System Using Access Rights. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science(), vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-49806-5_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49805-8

  • Online ISBN: 978-3-319-49806-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics