ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Expressive policy analysis with enhanced system dynamicity
Full text PdfPdf (766 KB)
Source
ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security table of contents
Sydney, Australia
SESSION: Access control table of contents
Pages 239-250  
Year of Publication: 2009
ISBN:978-1-60558-394-5
Authors
Robert Craven  Imperial College, London
Jorge Lobo  IBM T.J. Watson Research Center
Jiefei Ma  Imperial College, London
Alessandra Russo  Imperial College, London
Emil Lupu  Imperial College, London
Arosha Bandara  Open University
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 31,   Downloads (12 Months): 104,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1533057.1533091
What is a DOI?

ABSTRACT

Despite several research studies, the effective analysis of policy based systems remains a significant challenge. Policy analysis should at least (i) be expressive (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Dalal Alrajeh , Oliver Ray , Alessandra Russo , Sebastian Uchitel, Extracting Requirements from Scenarios with ILP, Inductive Logic Programming: 16th International Conference, ILP 2006, Santiago de Compostela, Spain, August 24-27, 2006, Revised Selected Papers, Springer-Verlag, Berlin, Heidelberg, 2007  [doi>10.1007/978-3-540-73847-3_14]
 
2
A. Bandara, S. Calo, R. Craven, J. Lobo, E. Lupu, J. Ma, A. Russo, and M. Sloman. An expressive policy analysis framework with enhanced system dynamicity. Technical Report, Department of Computing, Imperial College London, 2008.
 
3
A. K. Bandara, E. C. Lupu, A. Russo, N. Dulay, M. Sloman, P. Flegkas, M. Charalambides, and G. Pavlou. Policy refinement for diffserv quality of service management. In Integrated Network Management, pages 469--482. IEEE, 2005.
 
4
S. Barker. Security policy specification in logic. In Proc. of Int. Conf. on AI, pages 143--148, June 2000.
 
5
M. Y. Becker and S. Nanz. A logic for state-modifying authorization policies. In ESORICS, pages 203--218, 2007.
 
6
M. Y. Becker and S. Nanz. The role of abduction in declarative authorization policies. In P. Hudak and D. S. Warren, editors, PADL, volume 4902 of LNCS, pages 84--99. Springer, 2008.
 
7
Moritz Y. Becker , Peter Sewell, Cassandra: Flexible Trust Management, Applied to Electronic Health Records, Proceedings of the 17th IEEE workshop on Computer Security Foundations, p.139, June 28-30, 2004  [doi>10.1109/CSFW.2004.7]
 
8
D. F. C. Brewer and M. J. Nash. The chinese wall security policy. In IEEE Symposium on S & P, pages 206--214, 1989.
9
Glenn Bruns , Daniel S Dantas , Michael Huth, A simple and expressive semantic framework for policy composition in access control, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.12-21, November 02-02, 2007, Fairfax, Virginia, USA  [doi>10.1145/1314436.1314439]
 
10
Glenn Bruns , Michael Huth, Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis, Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium, p.163-176, June 23-25, 2008  [doi>10.1109/CSF.2008.10]
 
11
S. Chen, D. Wijesekera, and S. Jajodia. Incorporating dynamic constraints in the flexible authorization framework. In ESORICS, pages 1--16, 2004.
12
Jan Chomicki, Efficient checking of temporal integrity constraints using bounded history encoding, ACM Transactions on Database Systems (TODS), v.20 n.2, p.149-186, June 1995  [doi>10.1145/210197.210200]
 
13
Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
 
14
D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In U. Furbach and N. Shankar, editors, IJCAR, volume 4130 of LNCS, pages 632--646. Springer, 2006.
 
15
D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Obligations and their interaction with programs. In ESORICS, pages 375--389, 2007.
 
16
D. Ferraiolo and D. Kuhn. Role based access control. In 15th National Computer Security Conference, pages 554--563, 1992.
17
Kathi Fisler , Shriram Krishnamurthi , Leo A. Meyerovich , Michael Carl Tschantz, Verification and change-impact analysis of access-control policies, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062502]
 
18
M. Gelfond and V. Lifschitz. The stable model semantics for logic programming. In R. Kowalski and K. Bowen, editors, Proc. 5th International Conference and Symposium on Logic Programming, pages 1070--1080, Seattle, Washington, August 15--19 1988.
 
19
Robert Goldblatt, Logics of time and computation, Center for the Study of Language and Information, Stanford, CA, 1987
20
Joseph Y. Halpern , Vicky Weissman, Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security (TISSEC), v.11 n.4, p.1-41, July 2008  [doi>10.1145/1380564.1380569]
21
Keith Irwin , Ting Yu , William H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180423]
22
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
 
23
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
24
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
 
25
R Kowalski , M Sergot, A logic-based calculus of events, New Generation Computing, v.4 n.1, p.67-95, 1986  [doi>10.1007/BF03037383]
 
26
Peter Loscocco , Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.29-42, June 25-30, 2001
 
27
J. McCarthy. Elaboration tolerance. In Proc. Common Sense 98, 1998.
 
28
Rob Miller , Murray Shanahan, Some Alternative Formulations of the Event Calculus, Computational Logic: Logic Programming and Beyond, Essays in Honour of Robert A. Kowalski, Part II, p.452-490, January 2002
 
29
Christos Nomikos , Panos Rondogiannis , Manolis Gergatsoulis, Temporal stratification tests for linear and branching-time deductive databases, Theoretical Computer Science, v.342 n.2-3, p.382-415, 7 September 2005  [doi>10.1016/j.tcs.2005.05.014]
 
30
OASIS XACML TC. extensible access control markup language (XACML) v2.0, 2005.
 
31
Giovanni Russello , Changyu Dong , Naranker Dulay, Authorisation and Conflict Resolution for Hierarchical Domains, Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, p.201-210, June 13-15, 2007  [doi>10.1109/POLICY.2007.8]
32
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
33
Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th IEEE workshop on Computer Security Foundations, p.183, June 10-12, 1997
 
34
B. Van Nuffelen. Abductive constraint logic programming: implementation and applications. PhD thesis, K. U. Leuven, Belgium, June 2004.

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.4 System Management

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.1 Project and People Management


General Terms:
Design, Management


Keywords:
authorization, formal analysis, policies, security

Collaborative Colleagues:
Robert Craven: colleagues
Jorge Lobo: colleagues
Jiefei Ma: colleagues
Alessandra Russo: colleagues
Emil Lupu: colleagues
Arosha Bandara: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player