Decidability of Safety in Graph-Based Models for Access Control
نویسندگان
چکیده
Models of Access Control Policies specified with graphs and graph transformation rules combine an intuitive visual representation with solid semantical foundations. While the expressive power of graph transformations leads in general to undecidable models, we prove that it is possible, with reasonable restrictions on the form of the rules, to obtain access control models where safety is decidable. The restrictions introduced are minimal in that no deletion and addition of a graph structure are allowed in the same modification step. We then illustrate our result with two examples: a graph based DAC model and a simplified decentralized RBAC model.
منابع مشابه
Controlling Access to a Digital Library Ontology - A Graph Transformation Approach
This paper presents a graph-based formalism for an Ontology Based Access Control (OBAC) system applied to Digital Library (DL) ontology. It uses graph transformations, a graphical specification technique based on a generalization of classical string grammars to nonlinear structures. The proposed formalism provides an executable specification that exploits existing tools of graph grammar to veri...
متن کاملOn the Decidability of the Safety Problem for Access Control Policies
An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisati...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملMaximal Independent Sets for the Pixel Expansion of Graph Access Structure
Abstract : A visual cryptography scheme based on a given graph G is a method to distribute a secret image among the vertices of G, the participants, so that a subset of participants can recover the secret image if they contain an edge of G, by stacking their shares, otherwise they can obtain no information regarding the secret image. In this paper a maximal independent sets of the graph G was ...
متن کامل