ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Beyond separation of duty: An algebra for specifying high-level security policies
Full text PdfPdf (460 KB)
Source
Journal of the ACM (JACM) archive
Volume 55 ,  Issue 3  (July 2008) table of contents
Article No. 12  
Year of Publication: 2008
ISSN:0004-5411
Authors
Ninghui Li  Purdue University, West Lafayette, Indiana
Qihua Wang  Purdue University, West Lafayette, Indiana
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 504,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1379759.1379760
What is a DOI?

ABSTRACT

The process of introducing security controls into a sensitive task, which we call secure task design in this article, consists of two steps: high-level security policy design and low-level enforcement scheme design. A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a task to be performed by a team of at least k users. Unlike low-level enforcement schemes such as security constraints in workflows, a separation of duty policy states a high-level requirement about the task without referring to individual steps in the task. While extremely important and widely used, separation of duty policies state only requirements on the number of users involved in the task and do not capture the requirements on these users' attributes. In this article, we introduce a novel algebra that enables the formal specification of high-level policies that combine requirements on users' attributes with requirements on the number of users motivated by separation of duty considerations. We give the syntax and semantics of the algebra and study algebraic properties of its operators. After that, we study potential mechanisms to enforce high-level policies specified in the algebra and a number of computational problems related to policy analysis and enforcement.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993  [doi>10.1145/155183.155225]
2
Gail-Joon Ahn , Ravi Sandhu, The RSL99 language for role-based separation of duty constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.43-54, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319176]
3
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
 
4
Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
5
Vijayalakshmi Atluri , Janice Warner, Supporting conditional delegation in secure workflow management systems, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063990]
6
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
 
7
Adam Barth , John C. Mitchell, Managing Digital Rights using Linear Logic, Proceedings of the 21st Annual IEEE Symposium on Logic in Computer Science, p.127-136, August 12-15, 2006  [doi>10.1109/LICS.2006.32]
8
Piero Bonatti , Sabrina de Capitani di Vimercati , Pierangela Samarati, A modular approach to composing access control policies, Proceedings of the 7th ACM conference on Computer and communications security, p.164-173, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352623]
9
Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002  [doi>10.1145/504909.504910]
 
10
Clark, D. D., and Wilson, D. R. 1987. A comparision of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 184--194.
11
Jason Crampton, Specifying and enforcing constraints in role-based access control, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775419]
12
Jason Crampton, A reference monitor for workflow systems with constrained task execution, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063986]
 
13
Garey, M. R., and Johnson, D. S. 1979. Computers And Intractability. W. H. Freeman.
 
14
Gligor, V. D., Gavrila, S. I., and Ferraiolo, D. F. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 172--183.
15
Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
16
Trent Jaeger , Jonathon E. Tidswell, Practical safety in flexible access control models, ACM Transactions on Information and System Security (TISSEC), v.4 n.2, p.158-190, May 2001  [doi>10.1145/501963.501966]
 
17
Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
18
Ninghui Li , Mahesh V. Tripunitara , Ziad Bizri, On mutually exclusive roles and separation-of-duty, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.5-es, May 2007  [doi>10.1145/1237500.1237501]
 
19
McLean, J. 1988. The algebra of security. In Proceedings of IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 2--7.
 
20
Nash, M. J., and Poland, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 201--209.
 
21
Christos H. Papadimitriou , Kenneth Steiglitz, Combinatorial optimization: algorithms and complexity, Prentice-Hall, Inc., Upper Saddle River, NJ, 1982
 
22
Pincus, J., and Wing, J. M. 2005. Towards an algebra for security policies (extended abstract). In Proceedings of ICATPN 2005. Lecture Notes in Computer Science, vol. 3536. Springer-Verlag, New York, 17--25.
 
23
Saltzer, J. H., and Schroeder, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sep.), 1278--1308.
 
24
Sandhu, R. 1990. Separation of duties in computerized information systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security.
 
25
Sandhu, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the 4th Annual Computer Security Applications Conference (ACSAC'88).
 
26
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
27
Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th IEEE workshop on Computer Security Foundations, p.183, June 10-12, 1997
 
28
Kaijun Tan , Jason Crampton , Carl A. Gunter, The Consistency of Task-Based Authorization Constraints in Workflow Systems, Proceedings of the 17th IEEE workshop on Computer Security Foundations, p.155, June 28-30, 2004  [doi>10.1109/CSFW.2004.22]
29
Jonathon E. Tidswell , Trent Jaeger, An access control model for simplifying constraint expression, Proceedings of the 7th ACM conference on Computer and communications security, p.154-163, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352622]
 
30
Wang, Q., and Li, N. 2007. Satisfiability and resiliency in workflow systems. In Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS). 90--105.
31
Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003  [doi>10.1145/762476.762481]

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  F. Theory of Computation
  F.2 ANALYSIS OF ALGORITHMS AND PROBLEM COMPLEXITY
      F.2.2 Nonnumerical Algorithms and Problems
          Subjects: Complexity of proof procedures
  F.4 MATHEMATICAL LOGIC AND FORMAL LANGUAGES
      F.4.3 Formal Languages

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security, Theory, Verification


Keywords:
Access control, policy design, separation of duty

Collaborative Colleagues:
Ninghui Li: colleagues
Qihua Wang: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player